frontend-mobile-security-xss-scan

SUSPICIOUS: the skill is internally consistent and does not show credential theft or exfiltration, but it gives an AI agent offensive-capable security scanning behavior and is typically installed through a transitive skill platform path. Main risk is agentic security-tool use, not confirmed malware.