gathering-security

SUSPICIOUS. The stated purpose is coherent for security work, but the skill’s real risk comes from undocumented transitive skill loading and unverifiable local tooling (`gw`, `gf`, and three sub-skills) combined with broad autonomous security-testing authority. No direct exfiltration or credential-harvesting path is shown, so this is not confirmed malware, but it is a high-risk skill due to transitive trust and offensive-capability scope.