security-audit

SUSPICIOUS: the stated purpose is coherent for a security-audit skill, but the real execution footprint is partly hidden in referenced instruction files, and the skill grants broad agent powers (Bash, WebFetch, Agent) to perform offensive-adjacent security scanning. There is no clear evidence of credential theft or malware, but install trust and execution scope are insufficiently transparent.