gha-security-review

This skill is coherent with its stated purpose and shows no malicious install path, credential harvesting, or exfiltration flow. However, it is a high-risk offensive security skill for AI agents because it teaches exploit discovery in GitHub Actions and may expose the agent to prompt-injection content in reviewed repositories. Classification: suspicious/high-risk vulnerable, not confirmed malware.