testing-for-open-redirect-vulnerabilities
Warn
Audited by Socket on Apr 9, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS/HIGH-RISK. The skill is internally consistent as an open-redirect testing guide, but its actual footprint is offensive: it equips an AI agent to execute exploit testing and to chain findings into phishing, token theft, SSO abuse, and cookie exfiltration. Official tools reduce supply-chain concern, yet the use of attacker-controlled domains and Burp Collaborator makes the data-flow risk severe and disproportionate for normal agent use.
Confidence: 93%
Severity: 90%
Audit Metadata