browser-exploitation-v8

SUSPICIOUS: the skill’s footprint matches its stated purpose, but that purpose is to arm an AI agent with offensive browser exploitation and sandbox-escape capability. Install sources are mostly official and not the main concern; the core risk is enabling exploit development and attack-chain execution.

This fragment is strongly exploit-oriented: it provides V8 internals introspection/control, heap/layout manipulation tactics, and exploitation chains that culminate in arbitrary memory read/write and execution redirection/sandbox escape concepts. In a supply-chain context, its presence is a major red flag and should be treated as high-risk/likely malicious scaffolding rather than benign utility code.