idor-testing

SUSPICIOUS. The skill is internally coherent as an IDOR testing guide, but its actual capability is offensive security enablement for an AI agent: it teaches exploitation, enumeration, and bypass methods against web applications. There is little supply-chain risk and no obvious credential harvesting, but the skill materially increases an agent's ability to conduct unauthorized security testing and access-control abuse.