performing-penetration-testing

SUSPICIOUS/HIGH-RISK skill. Its behavior is coherent with its stated purpose, but that purpose is to give an AI agent offensive security scanning capability against live targets and local code. No clear credential harvesting or attacker-controlled exfiltration is shown, so this is not confirmed malware; however, agentic pentesting, broad execution permissions, untrusted remote content handling, and an unseen setup script make it high security risk.