The Agent Skills Directory

[DATA_EXFILTRATION]: Accesses and duplicates sensitive browser profile data from the local file system.
Evidence: The skill in browser-debug-setup.mdc reads ~/Library/Application Support/Google/Chrome/Local State using a Python script to identify user profiles.
Evidence: It uses rsync to clone an entire Chrome profile directory (e.g., $HOME/Library/Application Support/Google/Chrome/Profile 1/) to a new location ($HOME/.config/google-chrome-debug-profile/Default/). Chrome profiles contain highly sensitive information including cookies, session tokens, browsing history, and site preferences.
[CREDENTIALS_UNSAFE]: Explicitly instructs the agent to clone signed-in profiles to maintain authentication states.
Evidence: The instructions state: 'Keep auth in that profile. Do not fall back to cookie dumps or state files unless the user asks.' and 'Clone that separate signed-in Chrome profile into the dedicated debug --user-data-dir'. This practice results in active session credentials being copied and stored in a directory managed by the agent, increasing the risk of credential exposure.
[COMMAND_EXECUTION]: Executes multiple shell commands and scripts to modify the system environment and launch applications.
Evidence: Uses python3 to parse local JSON configuration files.
Evidence: Uses rsync to copy large amounts of user data and mkdir/cp for file system manipulation.
Evidence: Launches Google Chrome with the --remote-debugging-port=9222 flag. While restricted to 127.0.0.1, this port allows any process on the local machine to control the browser and access the data within the cloned profile.

browser-debug-setup