http-smuggling-advanced
Audited by Socket on Apr 22, 2026
2 alerts found:
Security x2
This fragment is an offensive, dual-use HTTP/2 request-smuggling exploitation/detection guide containing proof-of-concept Python that actively connects to remote targets, sends crafted HTTP/2 frames (including smuggled HTTP/1.1 request bytes), and infers success via response/timing differences. It does not show covert malware behaviors (no persistence, credential theft, or exfiltration), but it is highly actionable for bypassing proxy/CDN/WAF controls and targeting protected/internal endpoints. If packaged as a dependency or included in build/install workflows, it represents a significant security and policy risk due to its exploit enablement rather than stealthy compromise.
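This skill is not an ordinary development aid but an advanced HTTP request smuggling exploitation manual aimed at AI agents. Its capabilities are consistent with the "exploit" category, but it explicitly teaches credential theft, out-of-band callbacks, ACL bypass, and attack chains that affect other users, which makes it a high-risk offensive security skill; no evidence of a covert malicious implant was found, so it is better classified as high-risk/abusable than as confirmed malware.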