performing-security-code-review

SUSPICIOUS: the skill is internally aligned with its stated purpose, but it grants an AI agent broad security-scanning and arbitrary shell capabilities, including access to sensitive secrets across a codebase. There is no clear evidence of malware or deceptive exfiltration, yet the combination of offensive-security functionality and Bash(cmd:*) makes the overall risk high.