web-application-mapping
Audited by Socket on Feb 16, 2026
1 alert found:
Security [Skill Scanner]: Credential file access detected

The manifest is consistent with a legitimate web-application reconnaissance coordinator, but it enables intrusive scans and explicit discovery of high-value sensitive artifacts while delegating execution to unreviewed subagents. This delegation and lack of data-handling and authorization constraints present a moderate supply-chain risk: acceptable for authorized pentesting but SUSPICIOUS for general reuse until subagent implementations, consent controls, and secure handling policies are reviewed and enforced.

LLM verification: High-risk orchestration capability but not itself demonstrably malicious. The skill knowingly enables aggressive active scanning and local config reads ('.config' flagged) and mandates immediate delegation, which increases the chance of unauthorized reconnaissance or secret disclosure. Recommend manual review of each subagent, enforce authorization/consent, and add controls to prevent reading/exfiltration of sensitive files and to limit network impact before using.