code-audit
Audited by Socket on Mar 11, 2026
1 alert found:
Obfuscated File

The skill concept is coherent with its stated purpose of performing comprehensive code audits and producing a report. The main security concerns arise from: (1) the planned installation of external auditing tools via user prompts (potential supply-chain risk if unvetted tools are installed), (2) handling and potential exposure of secrets surfaced during scans, and (3) data flows that could involve uploading results to external services if not properly restricted. Overall, the footprint is suspicious rather than malicious: it is a potentially legitimate auditing framework that relies on dynamic tool installation and data outflows that require strict controls (verified tool sources, secret-redaction policies, and explicit data-handling permissions). Recommend tightening: require signed tools and version pinning, visible vetting steps, redaction of secrets in logs and reports, and explicit user consent for any data exfiltration or remote telemetry.