The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data and uses it to perform browser-based actions.
Ingestion points: The text and ref properties in the arguments schema in SKILL.md accept external input.
Boundary markers: No delimiters or instructions are present to prevent the agent from obeying instructions embedded in the processed data.
Capability inventory: The skill can type text and submit forms in a browser session via the Playwright browser_type tool.
Sanitization: No sanitization, escaping, or validation of the input text is performed before it is interacted with in the browser context.

playwright-browser-type