pt-web-application-assessment

SUSPICIOUS: The skill is internally coherent and has minimal supply-chain or credential-handling risk, but it gives an AI agent explicit offensive web-application testing capability. The main risk is the skill’s pentesting function itself, not hidden installs, exfiltration, or disproportionate access.