hunt-business-logic
Fail
Audited by Snyk on Jun 13, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). Contains explicit, actionable exploitation techniques (scripted header rotation, payment tampering, fake webhook posts, verification bypasses, discovery of internal endpoints) that enable financial fraud, unauthorized monitoring/ATO, and large-scale abuse.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly targets payment flows and contains actionable, payment-specific instructions and payloads. It names payment providers (Stripe, PayPal, Braintree, Smart2Pay), describes intercepting and modifying in-flight prices, and gives concrete examples of initiating payments and POSTing to payment callback/webhook endpoints (including forging success notifications and altered amounts). Those examples are not generic browsing or HTTP guidance — they are specific steps to alter/confirm financial transactions and accept payment confirmations. This grants direct financial execution capability.
Issues (2)
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).