hunt-subdomain

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These are not direct executable download links but include company subdomains, a placeholder ($subdomain), an OAuth callback and a visualstudio feeds host — classic subdomain-takeover / redirect vectors (and documented in the linked writeups) that can be claimed to host malware or phishing content, so they are suspicious for distribution risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an offensive how‑to that directly instructs how to discover and claim dangling subdomains and chain takeovers into OAuth auth‑code theft, session hijacking, CSP/CORS abuse, and email spoofing — enabling deliberate malicious exploitation.