make-pdf
Audited by Socket on May 3, 2026
2 alerts found:
Anomaly (x2): This code is not obviously malicious by itself, but it creates a high-impact security boundary: it executes a locally resolved external ‘browse’ binary (with an explicit BROWSE_BIN override and PATH/sibling fallbacks) and forwards attacker-controlled HTML/templates and JS expressions to that binary for browser-context execution and PDF rendering. If an attacker can influence BROWSE_BIN/PATH or provide untrusted expression/html/template inputs, the risk becomes significant (binary hijack and arbitrary renderer behavior). Review and harden the browse binary execution provenance, and strictly control caller inputs and environment trust boundaries.
SUSPICIOUS. The core make-pdf function is legitimate and the install provenance appears same-org and documented, but the actual skill footprint is much broader than PDF generation: telemetry, cross-machine memory sync, repo mutation, and git/network behavior are bundled into the workflow. This looks more like an overloaded gstack framework wrapper than a narrowly scoped PDF skill, so the main concern is disproportionate scope and extra data flows rather than confirmed malware.