offensive-business-logic

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The document is a dual‑use offensive testing playbook that, while not containing hidden backdoors or remote‑code/exfiltration code, explicitly documents and demonstrates techniques enabling deliberate financial fraud and abuse (e.g., payout-account switching, refund inflation/convert-to-credit, coupon stacking, race amplification, tenant/role mass‑assignment and parameter tampering) and thus represents a high-risk set of actionable malicious patterns.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and parsing remote application artifacts (e.g., "curl https://app/main.js" and "curl https://app/api/openapi.json | jq ...") so the agent would ingest and act on arbitrary/untrusted third-party web content (the target app's public pages/APIs), which could contain instructions that materially influence subsequent tooling and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly focused on transactional/marketplace/fintech/e‑commerce flows and contains concrete, actionable examples that invoke financial actions (e.g., POST /api/orders/123/refund, POST /api/withdraw, PUT /api/payout-account to change IBAN, payout/account race scenarios, refund conversion to store credit). These are not generic tooling examples but specific API operations to issue refunds, withdraw/payout funds, and change payout destinations — i.e., direct financial execution capabilities.