qa-exploring-application-ui

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process content from untrusted external web applications during exploratory testing.
  • Ingestion points: The scripts/explore.py script (lines 80-155) navigates to external URLs provided by the user and extracts page text, titles, and link metadata to inform exploration decisions.
  • Boundary markers: The instructions in SKILL.md do not implement boundary markers or provide the agent with explicit guidance to ignore instructions that may be embedded within the target application's UI elements or DOM content.
  • Capability inventory: The skill facilitates automated browser navigation, screenshot capture, and writing session data to the local filesystem via scripts/explore.py (lines 159-175).
  • Sanitization: Content retrieved from target applications (e.g., in the link discovery logic or page text extraction) is passed to the agent as-is, with no sanitization, filtering, or flagging of instruction-like text.
  • [COMMAND_EXECUTION]: The skill provides and executes a Python driver script (scripts/explore.py) that interacts with the local filesystem to create directories and save screenshots, logs, and summaries based on user-provided parameters.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 03:28 AM