websh

SUSPICIOUS. The skill's core capability matches its stated web-navigation purpose, and there is no evident supply-chain or credential-harvesting behavior. However, it grants the agent broad autonomy to interpret intent, fetch arbitrary URLs, and recursively prefetch linked pages in the background, creating meaningful prompt-injection and uncontrolled network-action risk that is disproportionate to a simple browsing helper.