agent-browser

SUSPICIOUS. The core browser automation capability matches the stated purpose, but the skill is high-risk because it combines arbitrary web interaction, credential/session handling, untrusted page ingestion, and Bash execution with few default safeguards. The most notable inconsistency is the silent third-party update check and transitive `npx skills update` flow, which extends trust beyond the claimed upstream source.