The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill uses grep to read environment files including .env, .env.local, and .env.development. While the purpose is to identify the development server port, these files are designated as sensitive because they frequently store application secrets and credentials.
[EXTERNAL_DOWNLOADS]: The skill performs a global installation of an external package from the NPM registry (npm install -g agent-browser) and executes a post-installation setup command (agent-browser install) which typically downloads additional binary dependencies.
[COMMAND_EXECUTION]: The skill executes various shell commands to detect the environment, including command -v, git diff for change detection, and gh pr view for GitHub integration. It also uses string manipulation and filtering tools like grep, head, tail, and cut on local configuration files.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources (file paths and branch names) and interpolates them into browser automation commands without sanitization.
Ingestion points: The output of git diff --name-only and gh pr view --json files is used to determine navigation routes.
Boundary markers: No boundary markers or delimiters are used to wrap the interpolated filenames or routes.
Capability inventory: The skill possesses significant capabilities including global package installation and full browser control (opening URLs, clicking elements, and taking screenshots).
Sanitization: There is no evidence of sanitization or validation of the routes derived from filenames before they are passed to the agent-browser open command.

test-browser