agent-browser

SUSPICIOUS: The stated purpose matches browser automation, so core capabilities are coherent, but the skill has a broad action surface and relies on externally served workflow content through the CLI. Main risks are transitive trust, high-impact autonomous actions on websites/Slack, and prompt-injection exposure from untrusted page content rather than clear malware behavior.