python-prototype-pollution

SUSPICIOUS/HIGH-RISK skill. It is not malware by itself and contains no installer or hidden payload, but its actual purpose is to help an AI agent perform offensive security exploitation against Python web applications, including secret extraction, session forgery, file access, and RCE. The main risk is the explicit exploit capability and lack of guardrails, not supply-chain behavior.

The provided fragment is clearly malicious/attack-oriented content: it gives specific, actionable payloads to exploit Python/Flask/Jinja2 internals for RCE, privilege escalation, session forgery, SSTI bypass, and arbitrary file read/import hijacking. While it is not a dependency source file itself, it functions as an exploitation guide with explicit high-impact malicious goals. Treat associated artifacts containing this snippet as highly suspicious.

This fragment is an overtly adversarial exploitation checklist targeting Python introspection and Flask/Sanic internals to reach SSTI, file/template/static exposure, privilege/session/debug manipulation, and ultimately OS command execution (os.system/os.popen/__import__). Although it is not executable by itself, its specificity and direct naming of RCE-capable sinks make the supply-chain risk extremely high; any package/module containing this should be treated as compromised or actively malicious and investigated urgently for how/where these chains are used.