The Agent Skills Directory

[COMMAND_EXECUTION]: The skill documents the agent-browser eval command, which enables the execution of arbitrary JavaScript code within the target browser session.- [DATA_EXFILTRATION]: The skill provides commands to access sensitive browser state, such as agent-browser cookies and agent-browser storage local, which could result in the exposure of session credentials or user data.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it processes untrusted web content while maintaining significant capabilities. Ingestion points: The agent ingests untrusted data from web pages via the open, snapshot, and various get commands. Boundary markers: The documentation does not specify the use of delimiters or boundary markers to isolate untrusted web content from the agent's instructions. Capability inventory: The skill allows for high-impact actions, including DOM interaction (click, fill), network request routing, and script execution (eval). Sanitization: There is no documented evidence of sanitization or validation for the content retrieved from external web sources.

agent-browser