autobrowse

No direct evidence of hidden malware, hardcoded credentials, or an explicit backdoor in this module. The primary supply-chain/safety concern is that the model can drive a real child-process (`execFileSync`) to execute the external `browse` CLI with largely unconstrained model-supplied arguments. Additionally, the harness persistently logs assistant reasoning and raw tool outputs to disk and partially to console without redaction, which can amplify the impact of any sensitive content encountered during browsing. Review and harden the external `browse` CLI argument/URL/path handling, and consider enforcing a strict allowlist for allowed `browse` subcommands and parameters within this harness (including constraining destinations and output paths to the trace directory).

SUSPICIOUS. The skill's core purpose is coherent: iterative browser automation training with trace review and strategy refinement. Main risks are proportional but real: external CLI/service trust, processing untrusted web content while holding write/exec permissions, semi-autonomous parallel agents, and local installation of generated downstream skills. No clear credential harvesting, hidden exfiltration endpoint, or malicious mismatch is evident, so this is not malware, but it is a medium-risk skill.