gemini-research-browser-use

SUSPICIOUS: the skill is purpose-aligned but high-risk because it duplicates the user's Chrome profile and exposes an authenticated browser session over CDP to bypass API limits. Install sources are mostly legitimate, and data flows go to official Google endpoints rather than an exfiltration proxy, so this is not confirmed malware; however, the session/credential scope is disproportionate and the automation can act within the user's logged-in account.