ctf-web

SUSPICIOUS. The skill is internally coherent as a CTF web exploitation guide, and its installs mostly use legitimate sources, but it is high risk because it equips an AI agent with offensive security capabilities, arbitrary target interaction, and exploit execution workflows. This is not clear malware or credential theft, but it is an unsafe skill to grant to a general-purpose agent.