detecting-rootkit-activity
Warn
Audited by Socket on Apr 20, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill is internally coherent for malware/rootkit forensics and shows no credential theft or exfiltration path, but it materially expands an AI agent’s offensive/advanced security-analysis capability and references powerful external tools without tightly scoped install guidance. Main risk is capability class, not hidden malicious behavior.
Confidence: 89%
Severity: 64%
Audit Metadata