qa-chaos-monkey

SUSPICIOUS/HIGH-RISK but not malware: the skill is internally consistent for adversarial API QA and shows no supply-chain abuse or third-party credential routing, but it equips an AI agent with genuine offensive security testing behavior, local secret access, and autonomous live-request execution. Risk comes from capability class and agent permissions, not hidden exfiltration or deceptive installation.