browser-cli

SUSPICIOUS: the core capability matches a browser automation skill, but install provenance is incomplete and externally deferred, and the available evidence shows a mismatch between the skill's Firefox/browser-cli claims and a likely underlying Chromium/br package. The skill is not overtly malicious, but it is medium risk due to transitive skill installation, unclear execution trust, and high prompt-injection exposure from arbitrary web content plus action-taking browser control.