business-logic

Business Logic Security (BIZ)

Analyze application business logic for security vulnerabilities including workflow step bypassing, negative amount manipulation, coupon/discount abuse, self-referral exploitation, state machine manipulation, and time-based logic exploits. Business logic flaws are unique to each application and cannot be detected by generic scanners -- they require understanding the intended workflow and finding ways to subvert it.
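An added example, not code from this skill or its repository: a naive price calculation next to a checked one, plus an order state machine, covering negative amounts, coupon stacking and workflow step bypassing from the list above. All names (`total_naive`, `total_checked`, `Order`, `BusinessRuleError`) and the pricing rules (one coupon per order, three order states) are assumptions made for illustration.

```python
from decimal import Decimal
from enum import Enum


class State(Enum):
    CART = "cart"
    PAID = "paid"
    SHIPPED = "shipped"


# Assumed workflow: SHIPPED is reachable only from PAID.
ALLOWED = {State.CART: {State.PAID}, State.PAID: {State.SHIPPED}, State.SHIPPED: set()}


class BusinessRuleError(Exception):
    pass


def total_naive(unit_price, qty, coupons):
    """'Before' form: trusts the client-supplied quantity and coupon list."""
    total = unit_price * qty
    for pct in coupons:
        total -= total * pct / 100
    return total


def total_checked(unit_price, qty, coupons):
    """Checked form: positive integer quantity, one coupon at most, bounded percent."""
    if isinstance(qty, bool) or not isinstance(qty, int) or qty <= 0:
        raise BusinessRuleError("quantity must be a positive integer")
    if len(coupons) > 1:
        raise BusinessRuleError("coupons do not stack")
    total = unit_price * qty
    for pct in coupons:
        if not 0 < pct <= 100:
            raise BusinessRuleError("discount percent out of range")
        total -= total * pct / 100
    return total


class Order:
    def __init__(self):
        self.state = State.CART

    def advance(self, target):
        """Reject any transition the workflow does not define, e.g. CART -> SHIPPED."""
        if target not in ALLOWED[self.state]:
            raise BusinessRuleError(f"{self.state.value} -> {target.value} not allowed")
        self.state = target
```

Reviewing a real code base for these flaws means finding where the equivalent of `total_checked` and `advance` is enforced server-side, and which entry points reach the calculation or the state change without passing through it.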

Supported Flags

Read ../../shared/schemas/flags.md for the full flag specification. This skill supports all cross-cutting flags. Key flags for this skill:

  • --scope determines which files to analyze (default: changed)
  • --depth standard reads code and checks business rule implementations
  • --depth deep traces full workflows from initiation through completion
  • --severity filters output (business logic issues are often high or critical)
First Seen
Feb 28, 2026