hackthebox

SUSPICIOUS/HIGH-RISK. The skill is internally aligned with Hack The Box operations, but it equips an AI agent for offensive security, uses multi-agent automation, collects a wider-than-necessary secret set, and references Cloudflare bypass guidance. Official HTB/OpenVPN/Slack endpoints reduce outright malware certainty, yet the opaque local secret reader and `/skill-update` keep execution and data-flow trust unresolved.