dev-browser

Warn

Audited by Socket on Mar 2, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

This skill is a legitimate, powerful browser-automation interface and the documented capabilities align with its stated purpose. However, the provided primitives (especially browser_evaluate, browser_snapshot, and browser_batch_actions) create realistic opportunities for large-scale data collection and accidental or intentional exfiltration of sensitive information (session tokens, PII, credentials, screenshots with secrets). There are no explicit download-and-execute vectors or hardcoded malicious endpoints in the document. The main risks are misuse or overly broad agent permissions: arbitrary JS execution in page context, bulk scraping, and the workflow that instructs users to show login screens (which may expose secrets in snapshots). Mitigations: restrict agent permissions, require explicit user consent per sensitive action, avoid returning raw snapshots/screenshots that contain secrets, and log/monitor extract actions. Overall this should be treated as medium-to-high risk for data exposure if used without strict controls.

Confidence: 85%
Severity: 55%
Audit Metadata
Analyzed At: Mar 2, 2026, 12:17 PM
Package URL: pkg:socket/skills-sh/accomplish-ai%2Faccomplish%2Fdev-browser%2F@8b8d744f881a531c5a06ed015ca1963977d1497b