python-web-debug
Audited by Socket on Apr 22, 2026
2 alerts found:
Security
Malware
SUSPICIOUS/HIGH-RISK skill. Its stated purpose and actual behavior align, but that purpose is explicitly to exploit Python web applications, extract secrets, defeat debugger protections, and achieve remote code execution on targets. There is little supply-chain concern, but the offensive capability and victim-data flows make the overall skill highly dangerous.
This fragment is an end-to-end, weaponized exploitation guide to compute Werkzeug Debugger PIN/authentication material by leaking host identifiers via SSRF/file://, then authenticate to the /console debugger and execute arbitrary OS commands via cmd=__import__('os').popen(...).read(). If such content were embedded in a dependency, it would represent a severe security risk and strong malicious intent.