saas-session-recon
Audited by Socket on Mar 6, 2026
1 alert found:
Security: The saas-session-recon skill presents a comprehensive and aggressive approach to assessing cookie-based API access for SaaS platforms, including multiple execution contexts (Bun/Node, injected browser JS, and an extension service worker) and heavy data collection (cookies, storage tokens, Set-Cookie headers, CSP/CORS signals). While the stated purpose is plausible for security testing, the actual footprint exhibits multiple security risks: credential exposure and logging of cookie prefixes, use of unverifiable binaries or external tooling, and complex data flows that can lead to credential exfiltration if not strictly controlled. The installation/execution model (including downloading and running binaries from external sources and injecting scripts into a live browser session) is a red flag for supply-chain and data-leak risks unless all sources are truly trusted, hashes are verified, and all sensitive data is redacted in logs and reports. Overall, the skill is rated “SUSPICIOUS” as a precaution, with significant security-risk potential if used without rigorous access controls, explicit authorization, and robust data handling policies.