ctf-misc

SUSPICIOUS: the skill is internally coherent as a CTF exploitation reference, and its installs/data flows mostly use normal sources and official endpoints. However, it grants an AI agent broad offensive-security capability—privesc, escapes, RCE, tokenized API actions, and filesystem/network access—so the overall security risk is high even without clear malware or credential-harvesting behavior.