cto

Warn

Audited by Socket on May 5, 2026

2 alerts found:

Anomaly (x2)

Anomaly (LOW)
references/payload/methods/browser-testing-with-devtools.md

SUSPICIOUS: The stated purpose is coherent and the skill includes strong security boundaries, but the installation reference is inconsistent with the official Chrome DevTools MCP publisher/package naming and is unpinned. This looks more like a supply-chain trust problem than malicious intent; browser-content prompt-injection risk is present but acknowledged and mitigated in the instructions.

Confidence: 90%
Severity: 56%

Anomaly (LOW)
references/payload/security/sast-fileupload.md

SUSPICIOUS: The skill is internally consistent and does not show credential theft, exfiltration, or installer abuse, but it materially expands an AI agent's offensive security capability by directing autonomous vulnerability discovery across a codebase. The risk comes from enabling security-scan behavior and processing untrusted code with subagents, not from malware-like behavior.

Confidence: 89%
Severity: 62%

Audit Metadata

Analyzed At: May 5, 2026, 02:02 PM
Package URL: pkg:socket/skills-sh/yzfly%2FCTO-Skills%2Fcto%2F@d23eb662a25e97f407b8bb971d200559a3462482