Browser Automation

SUSPICIOUS. The skill’s stated purpose matches its browser-automation capabilities, and there is no clear evidence of credential theft or covert exfiltration. However, it relies on an external MCP server, enables arbitrary site interaction, and exposes the agent to indirect prompt injection from untrusted web content, making it medium risk rather than benign.