security-audit

SUSPICIOUS: The core audit behavior is largely aligned and there is no clear exfiltration or credential-harvesting path, but the skill is high-risk by nature because it grants Bash to a security-review agent, processes untrusted code, and includes an explicit transitive skill-install recommendation unrelated to the core audit task.