arch-security-review

SUSPICIOUS. The skill is largely coherent with its stated purpose and shows no credential theft or exfiltration path, but it grants an AI agent security-audit behavior with Bash access and references a third-party full-trust .NET tool without verification guidance. This is best classified as a high-risk security-review skill rather than malware.