hunt-race-condition

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The document contains explicit, actionable exploitation techniques (HTTP/2 single-packet, Turbo Intruder templates, shell/Python PoCs, and Flatt's first-sequence-sync) and step-by-step instructions to reliably bypass rate-limits, double-redeem coupons, inflate votes, and brute-force OTPs — i.e., practical offensive guidance enabling financial fraud and large-scale abuse.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly focused on exploiting race conditions in monetary and payment-related flows. It contains concrete, actionable instructions and examples aimed at financial operations: POST payloads and tooling to hit endpoints like /redeem, /checkout, /purchase, /transfer, and /faucet/transfer; concrete attack templates (Turbo Intruder, curl, asyncio) to duplicate coupon/gift-card redemptions and wallet/credit transfers; and real-world Stripe/crypto cases. This is not merely generic automation — the primary and explicit intent is to manipulate payment/credit/wallet flows (double-redemptions, double-spends, promo abuse), which amounts to direct financial execution capability.

Issues (2)

E006 (CRITICAL): Malicious code pattern detected in skill scripts.

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Jun 13, 2026, 04:06 PM
Issues: 2