app-navigator

SUSPICIOUS. The core browser-mapping behavior is coherent with the stated purpose and uses no obvious malicious network routing, but the skill stores plaintext credentials in shared project memory and explicitly enables reuse by other skills. That scope is somewhat disproportionate to simple UI mapping, and the follow-on skill invocation adds transitive trust risk. No evidence of confirmed malware or credential exfiltration to third-party services was found.