godot-platform-web
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses JavaScriptBridge.eval in scripts/web_bridge_sync.gd and SKILL.md to execute JavaScript code in the browser. The commands are constructed by interpolating GDScript variables (such as key, title, and event_name) directly into the JavaScript string templates. This pattern allows for arbitrary JavaScript execution if any of these variables contain malicious payloads (e.g., single quotes used to break out of the string literal).
- [DATA_EXFILTRATION]: The send_analytics_event function in scripts/web_bridge_sync.gd provides a mechanism to transmit data to external analytics providers like Google Analytics (gtag). This creates a path for application data to be sent to external domains.
- [PROMPT_INJECTION]: The skill creates an indirect injection surface through its handling of browser data.
  - Ingestion points: Data is read from the browser's localStorage using load_from_local_storage in scripts/web_bridge_sync.gd.
  - Boundary markers: No boundary markers or security warnings are implemented to distinguish between trusted and untrusted data.
  - Capability inventory: The skill has the capability to execute code in the host browser environment via JavaScriptBridge.eval.
  - Sanitization: The skill lacks sanitization, escaping, or validation for identifiers (such as storage keys or page titles) before they are interpolated into executable JavaScript blocks.
Audit Metadata