Compress agent skills

2026-05-11 12:05:04 +01:00
parent e145482cd3
commit 7fed91d98b
20 changed files with 1009 additions and 2350 deletions
--- a/agent-browser/references/security.md
+++ b/agent-browser/references/security.md
@@ -0,0 +1,43 @@
+# Security And Boundaries
+
+By default, `agent-browser` imposes no navigation, action, or output restrictions.
+
+## Content Boundaries
+
+Wrap page-sourced output so agents can distinguish untrusted page content:
+
+```bash
+export AGENT_BROWSER_CONTENT_BOUNDARIES=1
+agent-browser snapshot
+```
+
+## Domain Allowlist
+
+Restrict navigation and subresource connections:
+
+```bash
+export AGENT_BROWSER_ALLOWED_DOMAINS="example.com,*.example.com"
+agent-browser open https://example.com
+```
+
+Include CDN domains the page needs.
+
+## Action Policy
+
+```bash
+export AGENT_BROWSER_ACTION_POLICY=./policy.json
+```
+
+Example policy:
+
+```json
+{"default":"deny","allow":["navigate","snapshot","click","scroll","wait","get"]}
+```
+
+Auth vault operations bypass action policy, but domain allowlist still applies.
+
+## Output Limits
+
+```bash
+export AGENT_BROWSER_MAX_OUTPUT=50000
+```