Agent Browser

The skill bundle provides a powerful browser automation tool with several high-risk capabilities, most notably the ability to extract session cookies and localStorage from a running Chrome instance via the `--auto-connect` flag and save them to plaintext files. It also includes commands for arbitrary JavaScript execution (`eval`), clipboard access, and bypassing HTTPS errors, which are documented in `SKILL.md` and `references/authentication.md`. While these features are presented as legitimate automation tools and include security warnings, they provide a significant surface for session hijacking and data exfiltration if misused by an agent. No evidence of intentional malicious exfiltration or hardcoded malicious endpoints was found.