recon-fingerprint

SUSPICIOUS. The skill is internally coherent for web fingerprinting and uses mostly legitimate same-org or registry-backed tools, so it does not look like credential theft or malware. However, it gives an AI agent active reconnaissance and scanning capabilities against external hosts, with unpinned external tool installs and some local result persistence, making it a high-risk security skill even though its data flows are otherwise proportionate.