Agent Browser 0

This skill wraps a powerful browser automation CLI tool (`agent-browser`). While its stated purpose is legitimate, it exposes high-risk capabilities to the AI agent, particularly the `agent-browser eval` command documented in `SKILL.md`. This command allows arbitrary JavaScript execution within the browser context, creating a significant prompt-injection vulnerability that could be exploited by a malicious prompt to exfiltrate sensitive data (e.g., cookies, local storage, form data) from visited web pages. Other commands like `cookies`, `storage`, `network requests`, and `state save` also provide access to sensitive browser data, further increasing the attack surface. There is no evidence of intentional malice from the skill developer, but these capabilities represent critical vulnerabilities in an AI agent context.