scanning-api-security

SUSPICIOUS: The skill is internally coherent for API security auditing and shows no clear credential theft or exfiltration behavior, but it grants an AI agent purposeful security-testing capability with Bash access. Risk is driven mainly by dual-use exploit/scanning functionality, not by malicious implementation or deceptive data flows.