security-audit

SUSPICIOUS. The skill is largely coherent with its stated purpose and uses official GitHub workflows, so it does not look malicious. However, it grants an AI agent high-impact security-review capabilities, can mutate code and GitHub state, and chains into unseen sub-skills, making it medium-risk despite reasonable purpose alignment and approval checkpoints.