The Agent Skills Directory

[COMMAND_EXECUTION]: The setup-monitor.sh script and SKILL.md instructions modify the user's system crontab (crontab -l | crontab -) to achieve persistence and automate the bot's periodic execution. While aligned with the skill's purpose, this modifies system-level scheduling.
[EXTERNAL_DOWNLOADS]: The setup script executes npm install, downloading packages from the public registry. Note that bot-template.js requires playwright-extra and puppeteer-extra-plugin-stealth, which are missing from the provided package.json file.
[DATA_EXFILTRATION]: The analytics-server.js file exposes the entire project directory via express.static(__dirname). This allows anyone with access to the local web server (port 3002) to download sensitive files including .env (containing Slack webhooks) and session-cookies.json (containing browser session cookies).
[PROMPT_INJECTION]: The skill exhibits a vulnerability surface for Indirect Prompt Injection (Cross-Site Scripting) within the analytics dashboard.
Ingestion points: bot.js extracts content from external websites via Playwright.
Boundary markers: No sanitization or boundary markers are present to distinguish between monitored content and dashboard code.
Capability inventory: The bot writes scraped data to analytics.json, which is then served by analytics-server.js.
Sanitization: dashboard.html utilizes .innerHTML to render activity logs from analytics.json without escaping. An attacker-controlled website could include malicious scripts that execute in the user's browser when they view the dashboard.

web-monitor-bot