browse

Warn

Audited by Socket on May 12, 2026

4 alerts found:

Security x2, Anomaly x2

Security: MEDIUM
src/cookie-import-browser.ts

Anomaly: LOW
SKILL.md

SUSPICIOUS. The core browser-testing capability matches the stated purpose, and the Bun install path is better than typical curl|bash because it pins and verifies the installer. But the skill’s footprint is broader than simple QA: it runs many opaque same-org helper binaries, logs analytics, supports remote telemetry/artifact sync, and can edit/commit project routing files. This looks more like a bundled gstack platform skill than a narrowly scoped browser helper. Not confirmed malicious, but medium risk due to breadth, hidden helper behavior, and untrusted web-content processing with Bash access.

Confidence: 100%, Severity: 60%

Anomaly: LOW
test/fixtures/injection-combined.html

This module is not performing technical exfiltration by itself (no JavaScript/network actions), but it embeds multiple high-risk social-engineering and instruction-injection payloads—including hidden credential-exfiltration instructions and malicious aria-label directives referencing external attacker-controlled domains. Treat the page as hostile content suitable for prompt-injection/credential-theft risk during rendering or automated consumption; review/sanitize untrusted HTML and neutralize or remove embedded external instructions.

Confidence: 100%, Severity: 60%

Security: MEDIUM
test/fixtures/injection-social.html

Audit Metadata

Analyzed At: May 12, 2026, 02:23 AM
Package URL: pkg:socket/skills-sh/garrytan%2Fgstack%2Fbrowse%2F@29d57c7e22c9b0ade45515eb129666df257e8776