pentest

SUSPICIOUS/HIGH-RISK skill. Its purpose is explicitly offensive security, and it equips the agent to run real scans and exploitation-oriented tooling against external targets. The largest concerns are the autonomous pentest capability and the broad supply-chain trust placed in many unrelated, unpinned third-party Docker images and wrappers; this fits the skill’s purpose, so it is not deceptive malware, but it is a high-risk security capability that should not be treated as benign.