setup-browser-cookies

SUSPICIOUS. The cookie-import capability itself fits the stated purpose, and the Bun installer evidence points to an official source rather than obvious malware. The main issue is proportionality: this skill carries a large gstack framework preamble with telemetry, artifact sync, repo mutation, and possible git commits that are unrelated to importing browser cookies. I do not see confirmed credential theft or explicit cookie exfiltration, but the overall footprint is broader and riskier than the purpose suggests.