web-app-security-audit

SUSPICIOUS. The skill is internally consistent and uses mostly official tooling, so it is not malware-like or deceptive. However, it gives an AI agent explicit offensive security-audit capability, broad access to sensitive project files, and potential code/config modification paths, which makes it high risk as an agent skill even though its stated purpose is legitimate.