xss-detection

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The skill is internally consistent as an XSS pentesting skill, but that stated purpose is itself high risk for an AI agent because it enables offensive security actions and automated exploitation workflows. Supply-chain risk is moderate: Dalfox is official same-org, while the XSStrike install instruction is inconsistent with upstream docs and raises trust concerns.

Confidence: 90%
Severity: 82%
Audit Metadata

Analyzed At: Mar 13, 2026, 09:21 PM
Package URL: pkg:socket/skills-sh/TerminalSkills%2Fskills%2Fxss-detection%2F@b7f4646ecf7855cf26fd52c30444e8fe7681b978