macos-process-injection

Fail

Audited by Socket on Apr 9, 2026

2 alerts found:

Security, Malware

Security: MEDIUM
SKILL.md

SUSPICIOUS/HIGH-RISK. The skill is an offensive exploit playbook for macOS process injection and bypass-adjacent techniques, giving an AI agent concrete intrusion capability. Install-trust issues are limited to an official but unpinned `npx` tool; the main risk is the skill’s explicit exploit functionality and transitive routing to bypass/escalation skills, not confirmed malware or credential theft.

Confidence: 96%, Severity: 93%

Malware: HIGH
DYLIB_XPC_TECHNIQUES.md

The provided fragment is an attacker-oriented playbook describing multiple privilege-escalation/code-execution techniques (dyld hijacking/proxy dylibs, XPC exploitation, Mach port injection/squatting/exception hijacking, and Electron app compromise via asar patching and DevTools Runtime.evaluate). This is highly indicative of malicious behavior rather than legitimate library functionality. If this content appeared inside an npm package, it would represent an extremely high security risk and should not be trusted. Confidence is limited only by the fact that no actual npm/library source code structure was provided (it appears as documentation/instructions rather than executable module code).

Confidence: 70%, Severity: 90%

Audit Metadata

Analyzed At: Apr 9, 2026, 01:14 PM
Package URL: pkg:socket/skills-sh/yaklang%2Fhack-skills%2Fmacos-process-injection%2F@61be1023ec93777161cb571c0dd30fdab6dc2598