browser-workflow-executor

SUSPICIOUS: the skill’s testing purpose is mostly coherent, but its footprint expands into autonomous code changes, test rewriting, PR creation, and CI monitoring. The highest risks are indirect prompt injection from external web content and autonomous external actions through GitHub, not overt malware or credential theft.