ln-620-codebase-auditor

SUSPICIOUS: the coordinator's stated purpose matches auditing, and it does not itself install binaries or request credentials, but it expands the agent's trust boundary by mandating execution of multiple other skills and ingestion of untrusted web research. The primary risk is transitive skill execution plus prompt-injection exposure, not confirmed malware or credential theft in this file.