red-team-bundler

SUSPICIOUS: The skill's capabilities mostly match its stated purpose of creating local review bundles, and it does not request credentials or use remote installers. However, it is an offensive-security workflow that packages potentially sensitive project files for external review, and it executes unreviewed local bundler scripts whose behavior is not visible here, creating moderate security risk without clear evidence of malware.