ctf-forensics

SUSPICIOUS: Internally coherent as a CTF forensics/offensive-analysis skill, with mostly legitimate package-manager installs and proportionate local-analysis access. Risk is elevated because it equips an agent with dual-use security techniques, broad execution/web capabilities, and a few references to weaker-provenance third-party scripts, but there is no clear credential-harvesting or exfiltration workflow.