web-app-security-audit

SUSPICIOUS: the skill is purpose-aligned, but its purpose is to give an AI agent offensive security testing capability with command execution against web targets. Install trust is mostly acceptable, with moderate supply-chain risk from external tooling and weaker verification for testssl.sh. No clear credential theft or exfiltration is present, so this is high-risk security tooling rather than confirmed malware.