validating-authentication-implementations

SUSPICIOUS: the stated purpose broadly matches authentication security review, but the skill grants powerful Bash-based security scanning capabilities and relies on an external plugin with only moderate provenance evidence. No explicit credential harvesting or exfiltration is shown, so this is not malicious, but it is a medium-risk security-audit skill with broad execution scope.