business-logic-attack

Fail

Audited by Snyk on May 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content is an explicit offensive how-to guide for abusing web application business logic: payment and transaction manipulation, forged payment callbacks, negative- or zero-amount refunds, coupon and points abuse, race-condition double-spend, SMS/verification-code brute force and reuse, and Host-header password-reset poisoning/phishing for account takeover. It describes deliberate techniques for committing fraud and account takeover, so it demonstrates clear malicious intent and a high abuse risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly focused on attacking and manipulating payment and transaction functionality: it instructs intercepting and modifying /api/pay requests (amount/price tests including 0 and negative values), forging payment callbacks for third-party gateways (Alipay/WeChat/Stripe) and probing notify_url and total_amount handling, and performing transfer, points and balance manipulations (e.g. POST /api/transfer {"to":"victim","amount":-100}). These are specific, finance-oriented actions (gateway callbacks, transfers, balance/points changes) that directly enable moving or spoofing money or credits, which meets the "Direct Financial Execution" criterion.
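The findings above name the server-side weaknesses the audited skill targets: a transfer or payment endpoint that accepts a zero or negative amount, a gateway callback whose total_amount is trusted without checking it against the order, a callback that can be replayed, and a check-then-debit sequence that can be raced. The example below is added here as an illustration of the corresponding defensive checks; it is not code from the audited skill or from Snyk. The /api/transfer handler shape, the in-memory ledger, the callback field names (out_trade_no, total_amount, sign) and the HMAC signing scheme are all assumptions made for the example: real gateways (Alipay, WeChat Pay, Stripe) each define their own signature or webhook verification, and the principle shown here is only that the server recomputes and compares rather than trusting the caller.

```python
import hashlib
import hmac
import threading
from decimal import Decimal, InvalidOperation

# Constructed sample data for the example (not from the audited skill):
# a shared callback secret, one unpaid order, and two account balances.
CALLBACK_SECRET = b"demo-secret"
ORDERS = {"ord-1001": {"total_amount": Decimal("49.90"), "paid": False}}
BALANCES = {"alice": Decimal("100.00"), "victim": Decimal("10.00")}
_balance_lock = threading.Lock()


def parse_amount(raw):
    """Parse a client-supplied amount, rejecting anything that is not a finite,
    strictly positive decimal. This is what defeats the 0 / -100 probes."""
    try:
        amount = Decimal(str(raw))
    except (InvalidOperation, ValueError):
        return None
    if not amount.is_finite() or amount <= 0:
        return None
    return amount.quantize(Decimal("0.01"))


def transfer(frm, to, raw_amount):
    """Hardened /api/transfer: positive amount, known recipient, sufficient funds,
    and the balance check and debit performed under one lock so that parallel
    requests cannot all pass the check before any of them debits."""
    amount = parse_amount(raw_amount)
    if amount is None or frm == to or to not in BALANCES:
        return False
    with _balance_lock:
        if BALANCES.get(frm, Decimal(0)) < amount:
            return False
        BALANCES[frm] -= amount
        BALANCES[to] += amount
    return True


def concurrent_transfers(frm, to, raw_amount, n):
    """Fire n identical transfers in parallel (the double-spend race) and return
    how many actually succeeded; with the lock, only as many as the balance covers."""
    results = []

    def worker():
        results.append(transfer(frm, to, raw_amount))

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


def sign_callback(params, secret=CALLBACK_SECRET):
    """Hypothetical HMAC-SHA256 over the sorted callback fields (excluding 'sign').
    Stands in for the gateway's own signature scheme; the shape is an assumption."""
    msg = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "sign")
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()


def handle_payment_callback(params):
    """Accept a payment notification only if the signature verifies, the order exists,
    the reported amount equals the server-side order total, and it is not a replay."""
    if not hmac.compare_digest(params.get("sign", ""), sign_callback(params)):
        return "bad-signature"
    order = ORDERS.get(params.get("out_trade_no"))
    if order is None:
        return "unknown-order"
    amount = parse_amount(params.get("total_amount"))
    if amount is None or amount != order["total_amount"]:
        return "amount-mismatch"
    if order["paid"]:
        return "duplicate"
    order["paid"] = True
    return "ok"


if __name__ == "__main__":
    # Race 50 transfers of 30 against a balance of 100: only 3 can go through.
    print("successful parallel transfers:", concurrent_transfers("alice", "victim", "30", 50))
    print("negative transfer accepted:", transfer("alice", "victim", -100))
    forged = {"out_trade_no": "ord-1001", "total_amount": "0.01"}
    print("forged callback:", handle_payment_callback(forged))
```

The lock is a stand-in for whatever gives the real ledger atomicity (a database transaction with a conditional UPDATE ... WHERE balance >= amount, or a row lock); the point is that the funds check and the debit must be one indivisible step. The amount comparison in the callback uses the order total stored server-side, so a callback that reports total_amount as 0.01 for a 49.90 order is rejected even when its signature is valid.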

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: May 9, 2026, 08:27 AM
  • Issues: 2