secrets-hygiene

SUSPICIOUS. The stated purpose matches a secrets-audit skill, and no external installer, third-party binary, or off-platform data flow is present. However, the capability footprint is broad: it instructs the agent to inventory secrets from env vars, config files, and keychain entries across installed skills, which is sensitive access disproportionate to many normal skills. Because the skill handles high-value credential material on a scheduled basis and the exact reporting/output boundary is not tightly constrained, it carries medium security risk despite no clear exfiltration behavior.