playwright-cli

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill configuration and documentation (SKILL.md, references/orchestrator-guide.md) instruct the global installation of the @anthropic-ai/playwright-cli package from the NPM registry and the subsequent download of browser binaries via the cli install command. These resources originate from well-known and reputable sources.
  • [COMMAND_EXECUTION]: The skill executes various browser automation tasks by invoking the playwright-cli binary on the system as detailed across the command reference documentation.
  • [REMOTE_CODE_EXECUTION]: The run-code functionality (documented in references/async-and-advanced.md) allows for the assembly and execution of arbitrary asynchronous JavaScript code within the browser instance, providing direct control over the Playwright page object.
  • [DATA_EXFILTRATION]: The skill includes capabilities to interact with the local file system. The upload command allows reading files from absolute paths to be sent to external web servers, while the download, screenshot, and pdf commands facilitate writing data from the browser to the local environment (SKILL.md, references/form-and-data.md).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of retrieving and processing content from arbitrary, untrusted web pages.
      * Ingestion points: Web content and browser logs are ingested into the agent context via open, snapshot, and console commands (SKILL.md, references/debugging.md).
      * Boundary markers: The instructions lack delimiters or explicit warnings to distinguish untrusted web data from system-level instructions.
      * Capability inventory: The skill has extensive capabilities, including arbitrary JavaScript execution (run-code) and file system read/write access (upload, download) (references/async-and-advanced.md).
      * Sanitization: There is no implementation of sanitization or filtering for data retrieved from external URLs before it is processed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 07:19 PM