privilege-escalation-web

该技能与其声明目的基本一致，但目的本身是为 AI 代理提供 Web 权限提升/越权攻击方法，属于高风险 offensive security 能力。未见明显恶意植入、外部数据外传或可疑安装链，因此不像窃密型恶意软件；但作为 exploit 类技能，它会促使代理对目标系统执行未授权安全测试，整体应判为高风险、可疑而非确认恶意。

The provided fragment is an offensive, highly actionable privilege-escalation playbook rather than benign library logic. It describes multiple authorization bypass techniques (mass assignment of role fields, admin endpoint probing, proxy-header trust abuse, cookie/session tampering, SPA front-end authorization bypass, and invite-based role escalation). No direct evidence of malware execution (e.g., exfiltration, backdoors, persistence) is present in the shown text, but its misuse potential and security relevance are high. Additional context would be needed to determine whether any surrounding dependency code executes this content or introduces runtime malicious behavior.