The Agent Skills Directory

[PROMPT_INJECTION]: The skill documents workflows for using Playwright to navigate to and interact with external, untrusted web content, which exposes an indirect prompt injection surface.
Ingestion points: Data is ingested from target URLs using tools like playwright_navigate, playwright_snapshot, and playwright_evaluate as described in reference/playwright-automation.md.
Boundary markers: There are no instructions to use delimiters or ignore potential commands embedded in the retrieved web content.
Capability inventory: The skill utilizes network access, browser interaction, and JavaScript execution capabilities.
Sanitization: No sanitization or validation of the retrieved external content is specified before the agent processes it.
[EXTERNAL_DOWNLOADS]: The documentation in reference/playwright-automation.md recommends the installation of @executeautomation/playwright-mcp-server via npx. This is a third-party package used to provide the browser automation capabilities required for the skill's methodology.
[COMMAND_EXECUTION]: The cheat sheets and attack references (e.g., reference/essential-skills-cheat-sheet.md, reference/web-application-attacks.md) contain numerous examples of dangerous command-line operations, such as curl | bash and whoami. These are documented as payloads for testing command injection vulnerabilities in target applications.

essential-tools