browse

SUSPICIOUS. The core browsing capability matches the stated purpose, and the install path is mostly consistent with normal developer tooling. However, the skill materially expands agent power by pre-authorizing many Bash-wrapped browser actions, can interact with arbitrary and localhost web content, and creates a high indirect prompt-injection risk from untrusted pages. This is not confirmed malware, but it is a medium/high-risk browsing-and-action skill.