pentest-business-logic

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content includes multiple high-risk dual-use techniques — real-time request interception and replay (enabling credential/token theft), file-upload polyglots embedding PHP (RCE/backdoor risk), path-traversal filename vectors (filesystem compromise/persistence), and payment/request forgery and replay (financial fraud) — so it presents significant malicious capability if used outside an authorized testing context.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and processes arbitrary web content (e.g., burp_repeater's target URL, playwright_workflow/playwright_skip_step's workflow_url, and python_requests_workflow's step URLs) so the agent will ingest untrusted public/third-party site responses as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes payment-testing capabilities and names payment gateways. The Core Workflow and Prerequisites call out "Payment Testing" and "test payment methods or sandbox payment environment," and the Tool Categories list "Stripe test mode, PayPal sandbox" for safe payment manipulation testing. Those are specific payment gateway integrations (even if sandbox/test modes) and enable sending/manipulating payments via those APIs, which meets the criteria for Direct Financial Execution.