cairn-ai-pentest

Warn

Audited by Socket on Apr 23, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS/HIGH RISK. The skill is purpose-aligned for offensive security, but that purpose itself grants an AI agent autonomous exploit/scanning capability, processes untrusted target content, and includes an unsafe shell=True pattern. The install source is only moderately trustworthy based on the provided evidence, with no strong release provenance. No clear credential theft or exfiltration is shown, so this is not confirmed malware, but it is a high-risk offensive automation skill.

Confidence: 90%
Severity: 88%

Audit Metadata
Analyzed At: Apr 23, 2026, 04:36 AM
Package URL: pkg:socket/skills-sh/Aradotso%2Ftrending-skills%2Fcairn-ai-pentest%2F@b94c88327739da6db818d00f0ff29eaab30e1d09