http-host-header-attacks

SUSPICIOUS: the skill is internally consistent as an exploit methodology, but that purpose is high-risk because it equips an AI agent to perform offensive web attacks with real-world impact, including token theft and SSRF/vhost abuse. There is little supply-chain concern, but the offensive capability itself makes the skill dangerous.