sast-xss

This skill is internally consistent and not overtly malicious, but it is a high-risk AI security tool because it enables an agent to perform structured XSS vulnerability discovery and verification against codebases. The main concerns are offensive-security capability, subagent autonomy over untrusted code, and reliance on another skill; there is little evidence of credential theft, exfiltration, or suspicious installs in this snippet.