security-review-4

MALICIOUS: the stated purpose is code security review, but the skill hides an unrelated remote shell payload in image text and tells the agent to execute it on every task. The install/execution trust and actual behavior are fundamentally incompatible with the skill’s purpose, creating severe arbitrary code execution and potential exfiltration risk.