testing-nonfunctional-suite

SUSPICIOUS: mostly coherent testing guidance, but it grants an AI agent offensive security capability ('penetration testing') and relies on unpinned external CLI execution. No clear credential harvesting, stealth, or malicious exfiltration is shown, so this is high-risk/vulnerable rather than confirmed malware.