agent-browser

The skill fragment coherently implements a browser automation capability using an external CLI (infsh) and Playwright under the hood, with features that align with its stated purpose (web automation, data extraction, testing). The primary security considerations concern the risks inherent to: (1) downloading and executing an external CLI binary from a remote host, (2) potential data exposure from navigating arbitrary URLs and recording video, and (3) handling of user-provided input data and files. These are typical for a browser automation tool and are not inherently malicious, but they raise supply-chain and data-flow considerations that should be mitigated via pinned versions, verified checksums, least-privilege operation, explicit data-retention policies, and user consent for recording/data capture.