security-review

Warn

Audited by Socket on Mar 21, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The skill is internally coherent and not malware-like: no downloads, no external endpoints, no credential forwarding, and no hidden data exfiltration paths. But it equips an AI agent with offensive security review capabilities plus Bash execution, which is a high-risk class of skill even when framed as auditing, so the overall risk is elevated despite low supply-chain and credential risk.

Confidence: 91%
Severity: 72%

Audit Metadata

Analyzed At: Mar 21, 2026, 09:43 AM
Package URL: pkg:socket/skills-sh/derklinke%2Fcodex-config%2Fsecurity-review%2F@9a2a38d1e34b296a9aaaef1bb5221c6a294a93b7