SurfAgent

Pass

Audited by VirusTotal on Apr 1, 2026.

Findings (1)

The skill bundle provides an AI agent with extensive control over a user's local Chrome browser, including high-risk capabilities such as reading and setting browser cookies (`browser_cookies`) and executing arbitrary JavaScript (`browser_evaluate`) within the page context. While these features are aligned with the stated purpose of advanced browser automation and session persistence, they grant the agent access to sensitive login data and the ability to perform actions on the user's behalf. The reliance on an external local daemon and an MCP server (`surfagent-mcp`) further expands the attack surface, as documented in SKILL.md and README.md.