app-qa-audit

SUSPICIOUS: the skill is internally coherent for deep QA, but its footprint is broad and includes offensive-capable reverse engineering, API extraction, trust probing, and live-target automation. There is no clear credential-harvesting or exfiltration path in the skill text, so this is not malware, but it is a high-risk agent capability set that exceeds ordinary QA documentation.