variant-analysis

SUSPICIOUS: The skill is coherent and does not show credential theft, exfiltration, or suspicious install behavior, but it equips the agent with offensive security analysis capability for finding vulnerability variants across codebases. Risk comes primarily from the security-audit purpose, not from hidden data flows or supply-chain behavior.