security-audit

SUSPICIOUS. The skill is internally consistent as a security-audit workflow, but it gives an AI agent offensive security testing capabilities against web apps and APIs, including reconnaissance and active probing. There are no clear supply-chain or credential-harvesting signals in the provided text, yet the operational risk remains high because this is an exploit/audit capability for an autonomous agent.