deserialization-insecure
Audited by Socket on Apr 30, 2026
2 alerts found:
Security x2
This fragment is not functional library code; it is an exploitation/weaponization reference that substantially enables attackers to craft and deliver deserialization/YAML/ViewState/TypeNameHandling payloads across multiple ecosystems, including concrete RCE-oriented templates and attacker-callback patterns. In a dependency/supply-chain scenario, such content is highly suspicious and should be reviewed for provenance and for whether it is merely documentation or part of a broader malicious package workflow. No direct implant behavior can be confirmed from this fragment alone.
SUSPICIOUS/HIGH-RISK skill. Its footprint is fundamentally that of an AI-agent offensive exploitation manual, with explicit payload generation, remote attack steps, callback-based confirmation, and transitive loading of related attack skills. The main risk is not hidden malware in the text itself but enabling an agent to perform penetration-testing and exploitation actions against targets; collaborator endpoints further raise concern.