subfinder

SUSPICIOUS: the skill is internally coherent and uses official install sources, but it grants an AI agent offensive security reconnaissance capability and encourages expansion into active scanning workflows. This is not confirmed malware or credential harvesting, yet it is a high-risk security skill with moderate supply-chain hygiene concerns from unpinned latest installs.