skills/witooh/skills/agent-browser/Gen Agent Trust Hub

agent-browser

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the agent-browser command-line interface to automate browser tasks. This allows the agent to execute a wide variety of commands on the underlying system to control browser instances, navigate URLs, and simulate user interactions.
  • [DATA_EXFILTRATION]: The skill provides commands to access highly sensitive browser data, including agent-browser cookies to retrieve session cookies and agent-browser storage to read local and session storage. This could be used to extract authentication tokens or personal user information. Additionally, commands like get text, get html, and screenshot allow for broad extraction of page content.
  • [REMOTE_CODE_EXECUTION]: The eval command (agent-browser eval "...") enables the execution of arbitrary JavaScript code within the browser context. While this occurs within the browser sandbox, it constitutes dynamic code execution that can be used to bypass UI-based limitations or manipulate page logic.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection because it retrieves and processes content from arbitrary external websites.
      • Ingestion points: Data enters the agent's context through commands like open, snapshot, get text, and get html (SKILL.md).
      • Boundary markers: There is no evidence of delimiters or instructions within the skill to differentiate retrieved web content from system instructions.
      • Capability inventory: The skill grants the agent extensive capabilities, including network request modification (network route), file uploads (upload), and JavaScript execution (eval).
      • Sanitization: The documentation does not indicate any sanitization or filtering of the content retrieved from web pages before it is presented to the agent.
  • [EXTERNAL_DOWNLOADS]: The installation instructions involve downloading the agent-browser package via bun and fetching Chromium browser binaries using playwright. These resources are sourced from trusted registries and organizations.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 09:13 AM