foundry-security-spec

Warn

Audited by Socket on May 22, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS: the skill is broadly coherent as a blueprint for an AI-driven security evaluation system, but it carries high inherent risk because it enables offensive security workflows, sandboxed testing, and external publishing. The main inconsistency is install trust: it claims nothing needs installation while directing users to install Spec Kit, and the npm install command appears inconsistent with GitHub's official documentation. No clear malware or credential-harvesting behavior is shown, but the capability set is powerful and should be treated as high-risk.

Confidence: 87%
Severity: 72%

Audit Metadata
Analyzed At: May 22, 2026, 10:54 PM
Package URL: pkg:socket/skills-sh/Aradotso%2Fsecurity-skills%2Ffoundry-security-spec%2F@9e58da221bb45a93d4e3505ca24e577d753b9160