fix(security-engineer): correct risk label in ethical-hacking-methodology (#538)

* fix(security-engineer): correct risk label and add AUTHORIZED USE ONLY disclaimer in ethical-hacking-methodology

The skill contains Metasploit persistence commands and backdoor SSH key
installation instructions but was labeled risk:unknown — inconsistent
with every other offensive security skill in this bundle (burp-suite,
cloud-penetration-testing, linux-privilege-escalation all use
risk:offensive). Also adds the AUTHORIZED USE ONLY disclaimer used by
sibling skills in the same bundle.

Co-Authored-By: Claude Code <noreply@anthropic.com>

* fix(security): move risk-label remediation to source skill path

---------

Co-authored-by: claude[bot] <claude[bot]@users.noreply.github.com>
Co-authored-by: Claude Code <noreply@anthropic.com>
Co-authored-by: sickn33 <sickn33@users.noreply.github.com>

skills/ethical-hacking-methodology/SKILL.md

@@ -1,12 +1,14 @@
 ---
 name: ethical-hacking-methodology
 description: "Master the complete penetration testing lifecycle from reconnaissance through reporting. This skill covers the five stages of ethical hacking methodology, essential tools, attack techniques, and professional reporting for authorized security assessments."
-risk: unknown
+risk: offensive
 source: community
 author: zebbern
 date_added: "2026-02-27"
 ---
 
+> AUTHORIZED USE ONLY: Use this skill only for authorized penetration testing engagements, defensive validation, or controlled educational environments.
+
 # Ethical Hacking Methodology
 
 ## Purpose