skill-security-auditor

SUSPICIOUS: the stated purpose is coherent, and the tool footprint is modest, but trust is weakened by indirect distribution and an unverified mutable threat-intel source. No evidence of credential harvesting or overt exfiltration was provided, so this is not malware; it is a medium-risk skill due to supply-chain and integrity concerns.