testing-for-broken-access-control

SUSPICIOUS. The skill is internally consistent for authorized penetration testing, with mostly legitimate tooling and no clear exfiltration endpoint, so it is not confirmed malware. However, it gives an AI agent high-risk offensive security capability, uses sensitive live auth tokens across tools/extensions, and can perform impactful authenticated actions against real targets if scope and approval are not tightly controlled.