supply-chain-audit
Audited by Socket on Apr 22, 2026
2 alerts found:
Security / Malware: This file is not a normal dependency implementation; it is an offensive, highly actionable supply-chain attack playbook describing how to execute malicious lifecycle hooks, poison container/image artifacts, inject commands into CI/CD, and exfiltrate build-time secrets via multiple channels. Even without executable code in this fragment, its presence in a package/repo should be treated as strongly suspicious and unsuitable for trusted use.
This skill is malicious in purpose and behavior. Its footprint is fundamentally incompatible with a benign supply-chain audit guide because it explicitly instructs registry poisoning, malicious dependency delivery, secret harvesting from build environments, and exfiltration to attacker-controlled hosts.