agent-browser

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Dynamic JavaScript Execution: The skill includes an eval command that allows the execution of arbitrary JavaScript within the browser context. While this is a standard requirement for complex browser automation, it allows the agent to interact with the page's internal state and should be monitored for unintended actions.
    • Evidence found in references/commands.md and SKILL.md.
  • Local File System Access: The skill supports the --allow-file-access flag, enabling the browser to open local files (e.g., file:///path/to/doc.pdf). This allows the agent to process local documents but also creates a surface for data exposure if the agent is directed to a malicious site while local files are open.
    • Evidence found in SKILL.md under 'Local Files'.
  • Session and State Persistence: The state save and auth save commands persist session data, including cookies and localStorage, to JSON files. This is a functional feature for maintaining logins across sessions, but these files contain sensitive session tokens and credentials that should be protected from unauthorized access.
    • Evidence found in templates/authenticated-session.sh and references/session-management.md.
  • Potential for Indirect Prompt Injection: The skill ingests untrusted data from the web via snapshots and text extraction. This introduces a risk where malicious instructions on a webpage could attempt to influence the agent's behavior.
    • Ingestion points: Web content is ingested via agent-browser snapshot and agent-browser get text in templates/capture-workflow.sh and SKILL.md.
    • Boundary markers: The skill provides an opt-in --content-boundaries flag (detailed in SKILL.md) to help the agent distinguish between tool output and page content.
    • Capability inventory: The skill possesses powerful capabilities including eval (JS execution), file-write (screenshots, PDFs), and navigation to arbitrary URLs.
    • Sanitization: When the opt-in --content-boundaries flag is enabled, content boundaries delimit external content, reducing the risk of the agent obeying instructions embedded in web pages.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 08:26 AM