agent-browser

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides an eval command that executes arbitrary JavaScript in the page context of the controlled browser. A base64-encoded variant (-b or --base64) lets the agent pass complex scripts without shell-escaping problems; it also means a reviewer or policy layer sees an opaque blob unless it decodes the argument first. This capability is what lets the agent interact dynamically with web pages, but it can be turned against the user if the agent is misled into running attacker-supplied script.
  • [DATA_EXFILTRATION]: The skill can access and export sensitive session information, such as cookies, local storage, and authentication states, via commands like state save, cookies, and storage. Additionally, the --allow-file-access flag permits reading local files through file:// URLs. These features represent a risk of sensitive data exposure if session files or extracted content are handled improperly.
  • [EXTERNAL_DOWNLOADS]: The skill invokes the agent-browser CLI through npx and references the appium package for mobile browser automation. Both are fetched from external package registries at run time, so the code that executes depends on what the registry serves at that moment rather than on a pinned, locally reviewed artifact.
  • [PROMPT_INJECTION]: Because the skill exists to navigate the web and extract data from it, every page it visits is a potential source of indirect prompt injection.
      • Ingestion points: Data is ingested from external websites via the agent-browser open, get text, and snapshot commands (File: SKILL.md).
      • Boundary markers: The skill does not implement delimiters or specific instructions that isolate web-retrieved content from the agent's core instructions.
      • Capability inventory: The tool has extensive browser control, including JavaScript execution (eval), file writing (state save), and network access (File: references/commands.md).
      • Sanitization: There is no evidence of content sanitization or validation on data retrieved from the web before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 07:21 AM