agent-browser

SUSPICIOUS. The skill’s capabilities broadly match its stated browser-automation purpose, but it is high-impact: it lets an AI agent browse arbitrary sites, submit forms, upload files, run page JS, and route activity through an external service. The installer is same-org official and therefore not an unverifiable-binary case, but the curl|sh path, broad Bash access, remote data handling, indirect prompt-injection exposure, and transitive skill installation make the overall risk medium-high rather than benign.