engineering-skills

SUSPICIOUS. The core behavior is mostly aligned with the stated purpose of turning local patterns into reusable skills, and there is no direct credential harvesting or remote payload execution. However, the skill relies on an unverified delegated agent and references transitive install/publish commands without clear provenance, so the trust boundary extends beyond what is documented.

SUSPICIOUS: the skill is coherent with its stated security-review purpose, but it equips an AI agent with offensive security and penetration-testing guidance that can be misused against unintended targets. No strong signs of malware, credential harvesting, covert behavior, or suspicious data routing are present in the provided skill text.

SUSPICIOUS/HIGH-RISK skill. Its footprint is internally consistent with a red-team planning skill, but the purpose itself gives an AI agent offensive security capability, including credential-access, defense-evasion, and exfiltration planning. No strong supply-chain or credential-harvesting indicators are present in the supplied text, so this is not confirmed malware; it is a high-risk offensive-security skill.