browser-qa

SUSPICIOUS. The core browser-QA capabilities align with the stated purpose, and there is no clear malware behavior or installer abuse in the skill itself. The main issue is data-flow integrity: screenshots are explicitly uploaded to an unrelated third-party service, which is unnecessary for local QA and can expose sensitive UI data. The combination of arbitrary web-content handling plus browser control and shell access also raises prompt-injection risk. Overall this is coherent as a QA skill, but its external screenshot-hosting step makes it medium risk rather than benign.