qedgen-auditor

SUSPICIOUS: the skill is internally aligned with Solana security auditing, but it grants an agent meaningful offensive review capability, executes an external CLI with limited provenance shown here, and instructs silent file-writing without per-action consent. No clear credential theft or exfiltration is present, so this is not malware, but it carries moderate-to-high operational risk as an autonomous security tool.