ui-test-agent

This skill appears to implement a legitimate UI record-and-report workflow, but take these precautions before using it: - get_screenshot requirement: The SKILL.md insists on a separate get_screenshot tool (and explicitly forbids agent-browser's screenshot) but the package does not include that tool or declare it. Ensure you have a trusted screenshot utility available and update the instructions if needed. - Verify failure-handling: SKILL.md requires that single-step failures do NOT stop the overall recording/processing, but the generated .sh contains 'set -e' and the .bat contains errorlevel-based exits. If you plan to replay the generated shell/batch scripts, either remove 'set -e' or adjust the script generation to match the intended behavior. - Inspect recorded session before replay: The replay scripts execute the recorded 'command' fields verbatim. A malicious or malformed recorded command could execute arbitrary shell commands when you run the generated .sh/.bat. Always review or sanitize session.json (or run replays in an isolated/sandbox environment) before executing generated scripts. - SKILL_DIR path: The SKILL.md suggests a hardcoded SKILL_DIR path. Confirm the actual skill path at runtime or adapt calls to use a resolved path variable instead of assuming ~/.workbuddy/skills/... - Operational recommendation: If you will run this skill, do so in a controlled environment (sandbox/container) the first few times, verify that agent-browser and get_screenshot are the tools you expect, and consider adding sanitization or escaping around recorded commands before generating executable replays. Given these mismatches and the replay risk, treat the skill as 'suspicious' until you confirm the screenshot tool, adjust the failure semantics, and adopt a safe workflow for reviewing recorded sessions before replay.