analyzing-cobalt-strike-malleable-profiles

SUSPICIOUS: the skill is purpose-aligned for malware/C2 investigation and does not show credential theft or exfiltration, but it equips an AI agent with active security-scanning capability against remote hosts. Supply-chain trust is moderate rather than severe because dependencies are public and source-available, yet installs are unpinned and the JARM source is implicit.