testing-oauth2-implementation-flaws

SUSPICIOUS. The skill is internally consistent with its stated purpose, but that purpose is to give an AI agent offensive OAuth/OIDC testing capability against live systems. Tool references are mostly legitimate, with moderate supply-chain caution for third-party Burp extensions. Not confirmed malware, but high security risk due to exploit-oriented functionality and use of live tokens/codes during testing.