security-audit

The security-audit skill presents a comprehensive, documentation-oriented framework for auditing codebases. It focuses on safe, best-practice patterns and provides guidance rather than executing exploits or exfiltrating data. The footprint is aligned with a developer-facing auditing tool: read-only analysis, pattern-based checks, and remediation recommendations. There is no evidence of downloading/unverifiable binaries, credential harvesting, or autonomous real-world actions. Overall, the skill is BENIGN with MEDIUM-level security risk due to the potential for misapplication if users misinterpret examples as automatic fixes; however, there are no active threat vectors identified within the skill itself.