Broken Authentication Testing
Audited by Socket on Mar 10, 2026
1 alert found:
Security: This skill is coherently aligned with its stated purpose of testing broken authentication and session management, but it exhibits significant security and misuse risks. It advocates for offensive testing techniques (brute-force, credential stuffing, MFA bypass) and provides procedural detail that could be misused outside strictly authorized environments. The footprint implies potential data exposure (credentials, tokens) and automated attack patterns without explicit per-action safeguards. Given the combination of offensive methods and sensitive data handling, the skill is best classified as SUSPICIOUS with high risk rather than benign. If adopted, it must be tightly gated behind explicit authorization scopes, controlled test environments, robust logging, and credential handling policies to mitigate abuse and data leakage.