hunt-brute-force

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs embedding sensitive values (session cookies, OTPs/reset tokens) verbatim into curl/ffuf/hydra commands and test payloads (and would require the agent to ask for or handle those secrets), which creates a direct exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document provides explicit, step-by-step offensive techniques (OTP/full-keyspace brute forcing, username/email enumeration, IP/source rotation to bypass rate limits, credential stuffing, ReDoS payloads, and automation recipes using ffuf/hydra) that enable account takeover, credential theft, and DoS—demonstrating clear intent and high potential for malicious abuse.