hunt-ato

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document is explicit, actionable guidance for account takeover attacks (host-header reset poisoning, referer/token exfiltration, predictable/reusable tokens, email-change IDOR, JWT forgery including alg:none and RS256→HS256, password-change without step-up, recovery-answer brute force, and OAuth subdomain takeover) that directly enable credential theft and unauthorized account access.