headless-ghidra-batch-decompile

Purpose and file access are coherent for a reverse-engineering workflow, and no explicit credential theft or exfiltration is shown. However, the skill requires an unverifiable external CLI and grants an AI agent decompilation/security-tooling capability, so it should be classified as SUSPICIOUS with high security risk rather than confirmed malware.