fuzz

SUSPICIOUS. The skill is internally coherent and uses mostly legitimate install sources for ffuf, but it equips an AI agent with active offensive web fuzzing capabilities against external targets. Main risk is not hidden malware or exfiltration; it is enabling autonomous security scanning and authenticated probing with Bash. The ffuf install guidance looks legitimate, while the SecLists install note is less verifiable and mildly increases supply-chain concern.