//! MacroRaptor — heuristic detection of malicious VBA macros.
//!
//! Detects suspicious macros by checking for three categories:
//! - **AutoExec** (A): automatic execution triggers
//! - **Write** (W): file system / registry write operations
//! - **Execute** (X): process execution, shell commands
//!
//! A macro is flagged as suspicious when `A AND (W OR X)`.