The Agent Skills Directory

[DATA_EXPOSURE]: The skill provides tools to read sensitive browser data, including cookies, clipboard content, and full session states (agent-browser cookies, agent-browser clipboard read, agent-browser state save). These are core features for browser automation but allow access to authentication tokens and user secrets.
[DYNAMIC_EXECUTION]: The agent-browser eval command allows the execution of arbitrary JavaScript within the browser context. The documentation includes best practices for using Base64 encoding and STDIN to safely pass complex scripts through the shell.
[INDIRECT_PROMPT_INJECTION]: The skill interacts with untrusted third-party websites which creates a surface for indirect prompt injection. To mitigate this, the skill supports an optional AGENT_BROWSER_CONTENT_BOUNDARIES environment variable that wraps page content in nonce-based delimiters.
Ingestion points: External web content is ingested via agent-browser open, agent-browser snapshot, and agent-browser get text commands.
Boundary markers: The skill provides a mechanism to use hex nonces for delimiting tool output from page content.
Capability inventory: The tools allow for network navigation, form interaction, file system writes (screenshots, PDFs, and state files), and clipboard access as documented in SKILL.md and references/commands.md.
Sanitization: The skill relies on boundary markers and the agent's internal safety filters rather than proactive text sanitization.

agent-browser