
live-debug

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill provides an explicit code example for retrieving authentication tokens from the browser via window.localStorage.getItem('auth_token'). Instructing an agent to autonomously access and potentially expose session credentials represents a high risk of credential exposure and session hijacking.
  • [COMMAND_EXECUTION]: The skill uses the javascript_tool to execute arbitrary JavaScript within the browser context. While intended for state inspection, this provides a vector for malicious interaction or data manipulation if the agent is influenced by malicious instructions or data.
  • [DATA_EXFILTRATION]: The skill enables broad data collection capabilities, including read_network_requests to monitor API traffic and computer to capture screenshots. Without strict constraints, these tools can be used to harvest PII or proprietary business data from the production environment at home.st44.no.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from an external website and possesses high-privilege interaction tools.
  • Ingestion points: The agent ingests data from the target site using read_page, read_console_messages, and get_page_text, as documented in SKILL.md.
  • Boundary markers: No delimiters or system-level instructions are present to prevent the agent from obeying commands embedded in the site's content or logs.
  • Capability inventory: The agent has full browser interaction capabilities, including computer (clicks, typing), javascript_tool (arbitrary JS execution), and navigate (redirection).
  • Sanitization: There is no evidence of sanitization or validation of the data retrieved from home.st44.no before it is processed by the LLM.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 28, 2026, 10:33 PM