security-audit

The skill’s footprint is coherent with its stated purpose of performing a Rails security audit. It relies on standard, trusted tooling from official sources and confines operations to the local project repository without evident credential access, data exfiltration, or download-execute patterns. The risk is low to moderate and proportionate to the task (static analysis, dependency checks, and policy tests). No dangerous data flows or credential forwarding are observed in the described workflow.