performing-api-inventory-and-discovery

SUSPICIOUS: the skill is internally consistent for API discovery, but it equips an AI agent with offensive security scanning capabilities against live infrastructure and includes disabled TLS verification. There is no clear credential theft or exfiltration logic, so this is not confirmed malware, but it is a high-risk cybersecurity skill.