sage

The fragment is internally consistent with a purely descriptive skill manifest for organizing AI agent capabilities. There are no active code paths, credentials, or network interactions to evaluate for supply-chain risk. It should be reviewed in the context of how an agent loads and executes these skills to ensure proper access control and least-privilege execution, but the provided content itself does not pose an immediate security threat.

This document is an offensive red-team manual with multiple executable examples for exploitation, C2, credential theft, persistence, and covert exfiltration. The code snippets contain high-risk constructs: dynamic execution of decoded payloads, in-memory shellcode execution, DNS/domain-fronted exfiltration, and explicit persistence/backdoor instructions. It should be treated as malicious/dual-use content; inclusion in a library or automated dependency is a high supply-chain risk and not appropriate for general-purpose packages without strict access controls and clear ethical/legal constraints.