input-validation-testing

SUSPICIOUS: The skill is coherent as a security-testing skill and shows no supply-chain, credential-harvesting, or exfiltration behavior, but it gives an AI agent offensive testing instructions without explicit authorization or scope limits. Risk is driven by dual-use security capabilities, not malware indicators.