security-reviewer

SUSPICIOUS. The skill is internally aligned with its stated purpose and shows no hidden install chain, credential harvesting, or exfiltration path. However, it grants an AI agent Bash-enabled offensive security capabilities including penetration testing and reconnaissance, which is inherently high risk even with stated authorization constraints.