php-audit-pipeline

SUSPICIOUS/HIGH-RISK but not confirmed malicious. The skill is internally coherent as a PHP security-audit orchestrator and shows no credential harvesting, external exfiltration, or dubious installer behavior. However, it grants an AI agent substantial offensive security analysis capability, including exploit-class coverage and PoC generation, which makes the overall skill high risk under the AI-agent exploit-tooling policy.