Passo - Remote Browser Access
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill is suspicious due to the installation method specified in `SKILL.md`. It instructs the agent to execute an external script directly via `curl -fsSL ... | bash` from `https://raw.githubusercontent.com/felipegoulu/passo-client/main/install.sh`. This constitutes a critical remote code execution (RCE) vulnerability and a direct prompt injection against the agent, as it allows arbitrary, unreviewed code from an untrusted external source to be executed on the host system. While the stated purpose of 'Remote Browser Access' is not inherently malicious, this installation method poses a significant supply chain risk and could lead to data exfiltration, persistence, or other harmful actions if the external script were compromised or designed with malicious intent.
