dep-audit

Warn

Audited by Socket on Apr 20, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the stated purpose is legitimate, but the skill is overprivileged and delegates execution to repo-local shell scripts and potentially remote npx packages. Data flow is mostly consistent with dependency auditing, yet the combination of wildcard bash/npx permissions, local script execution, and auto-fix behavior makes the skill higher risk than its narrow purpose suggests.

Confidence: 87%
Severity: 62%

Audit Metadata

Analyzed At: Apr 20, 2026, 07:26 PM
Package URL: pkg:socket/skills-sh/sd0xdev%2Fsd0x-dev-flow%2Fdep-audit%2F@591c80b3b1e08a5d4e5cd6d8861122e9dfb63c42