agent-browser

The skill documentation for agent-browser coherently supports its intended use for advanced, stateful browser automation with session persistence, state management, and network interception. However, it introduces credential-related risks due to handling of JWT cookies and tokens, and relies on external tooling with potential supply-chain drift if version pinning is not enforced. The primary risk drivers are credential exposure via state/logs and the potential misconfiguration of environment paths (Nix/Chromium) that could affect executables. Overall, the security posture is medium: non-malicious by design but susceptible to credential leakage and configuration-related risks. Recommended mitigations include pinning tool versions, securing state/cookie storage (encryption or restricted access), and documenting secure handling practices for tokens and logs.