browser-auth-flow

SUSPICIOUS: the skill is internally coherent for auth-flow auditing, but it gives an AI agent active security-testing capability against live websites and handles real credentials/session artifacts. No clear exfiltration or malicious data routing is present, yet the offensive testing purpose plus broad tool access and external browser-tool dependency make it medium-to-high risk.