agent-browser

SUSPICIOUS: the core browser-testing purpose is plausible, but the skill grants broad authenticated web control, persistent cookie reuse, mandatory web research from untrusted sources, and examples of external messaging and SSH/DB verification. That combination creates high risk of unsafe autonomous actions and prompt-injection-driven misuse, even without clear evidence of malware.

SUSPICIOUS. The stated purpose mostly matches large-scale browser research, but the skill combines high-volume untrusted web ingestion with action-capable agents and undocumented helper CLIs. No clear credential theft or attacker-controlled exfiltration is shown, so this is not confirmed malware, but the unverifiable helper tools and prompt-injection exposure make the overall security risk high.

SUSPICIOUS: the skill’s capabilities mostly match its browser-automation purpose and its CLI source appears plausibly official, but it materially increases risk by combining live web research, untrusted website interaction, persistent authenticated sessions, and scalable automated actions. The main concern is not hidden malware behavior; it is a high-risk operational footprint for an AI agent, especially prompt-injection and autonomous action risk.