agent-browser

SUSPICIOUS: the browser automation purpose broadly matches the capabilities, but the trust model is inconsistent. The main issues are the transitive `npx skills add` installation path, broad `Bash(belt *)` scope, and the combination of untrusted web browsing with action-taking features that could amplify prompt injection or unintended submissions. This looks more like a high-risk skill design than confirmed malware.