scanning-input-validation-practices

SUSPICIOUS: The skill’s purpose is coherent, but its core scanner dependency is unverifiable and its bash-enabled security permissions are broader than necessary. No direct credential theft or explicit exfiltration is shown, so this is not confirmed malware, but it is a high-risk security-scanning skill with unclear supply-chain provenance.