security-scan

SUSPICIOUS: The core purpose and local scanning behavior are broadly consistent with a security-scan skill, and there is no explicit credential theft or external exfiltration in the provided text. However, delegating fixes to an unpinned community 'fuse-ai-pilot:sniper' subagent creates a transitive trust risk, and the skill processes untrusted code while executing local scripts. Medium security risk, but not confirmed malware.