agent-browser

The agent-browser skill is functionally coherent with its stated purpose (browser automation). It does not contain obvious malicious code or supply-chain download-execute patterns in the provided docs. However, it exposes high-impact capabilities (arbitrary JS eval in page context, network routing/mocking, file upload, state save/load) that can be used to exfiltrate credentials or sensitive files or to manipulate page behavior if misused. Treat usage as medium-risk: require manual review before running with sensitive sessions, avoid passing paths to secret files, encrypt stored state files, and restrict eval/network-route automation to trusted targets.