security-audit

The security-audit skill presents a coherent, purpose-aligned toolchain for codebase security assessment. Its footprint—using established audit tools, scanning for secrets, and producing remediation guidance—is proportionate to its stated goal. The only notable risk areas are ensuring redaction of any discovered secrets in reports and validating that any report delivery does not inadvertently expose sensitive data to unintended recipients. No unverifiable binaries or autonomous real-world actions are described, and data flows appear consistent with standard security-audit practices. Overall, the skill is BENIGN with medium-security risk considerations due to potential secret exposure in outputs if not properly mitigated.