agent-browser

The skill is mostly aligned with its stated browser-automation purpose, but it is high-impact because it combines untrusted web browsing with the ability to act on pages, persist auth state, inspect cookies/storage, upload files, and run JS. This looks more like a powerful automation capability than malware, but it is risky and should be treated as suspicious/medium-high risk in autonomous agent settings.