xss-vulnerability-scanner

SUSPICIOUS/HIGH-RISK vulnerable skill. Its purpose is offensive security scanning, and it grants broad Bash(npm:*) execution plus file write access without concrete package constraints or approval boundaries. No direct credential theft or exfiltration is shown, so this is not confirmed malware, but it is not proportionate to a simple guidance skill.