mission-control-visual-qa

The skill is designed for remote visual QA via SSH and Puppeteer. The `run-mission-control-visual-qa.sh` script correctly sanitizes user-supplied URLs using `printf '%q'` before passing them to the remote `node` command, preventing shell injection on the remote host. The `mission-control-visual-qa.js` script performs only read-only DOM checks and local screenshot captures, with no evidence of data exfiltration or unauthorized network activity beyond loading the specified URLs. While Puppeteer's `--no-sandbox` flag (in `mission-control-visual-qa.js`) reduces browser isolation, it's a common configuration for headless environments and not indicative of malicious intent, especially given the skill's stated purpose of inspecting authorized internal pages. No prompt injection attempts were found in `SKILL.md`.