Security Analyst

This skill is designed for comprehensive offensive security analysis, requiring broad read/write access to the project workspace and the ability to execute shell commands (e.g., `git log`, `npm audit`). It explicitly states it will read sensitive files (including environment and secrets files), generate proof-of-concept exploits, and write these artifacts to disk. While these capabilities are high-risk and could be misused, the skill's documentation and agent prompts consistently frame these actions as part of a legitimate security audit, instructing agents to 'discover and report on' credentials and to 'redact the actual secret' in findings. There is no clear evidence of intentional harmful behavior such as exfiltrating data to arbitrary external endpoints, installing backdoors, or executing malicious remote payloads. The prompt injection examples found in `attack-surface-llm.md` and `cicd-pipeline.md` are for the agent to *identify* in the target codebase, not to execute against the user's environment. The classification is 'suspicious' due to the inherent high-risk nature of its declared capabilities and broad permissions, which, if misinterpreted or subtly altered, could lead to unintended consequences, rather than clear malicious intent.