security-audit Minimal helper to audit skill.md-style instructions for supply-chain risks. Features - Heuristic scan for exfiltration patterns (HTTP POST, curl to unknown domains, reading /.env, credential keywords). - Permission manifest reminder: lists filesystem/network touches it sees. - Safe report: markdown summary + risk level. Usage ---