pentest-exploit-validation
Audited by Socket on Feb 18, 2026
2 alerts found:
Security x2
This skill is a legitimate pentest/exploitation orchestration specification: capabilities align with its purpose (active exploitation, evidence collection, classification). However, it explicitly instructs sensitive and high-impact actions (data exfiltration, RCE, cloud metadata access) that are dangerous if misused. The document requires written authorization and isolated environments, which is appropriate, but it lacks detailed safeguards for handling captured secrets, evidence retention, and enforcement of scope. No signs of obfuscation or third-party credential-harvesting redirects are present in the provided content. Treat this skill as high-risk for misuse; acceptable within an authorized, well-governed testing program but dangerous otherwise.
The document is a high-risk exploitation playbook containing explicit attack recipes, payloads, and an automation schema that materially lowers the barrier to performing web application attacks (SQLi, XSS, auth/authz, SSRF). While it may be legitimate pentest material, its presence in a public dependency or library is dangerous: it enables automated and manual abuse, potential credential/data theft, and large-scale exploitation if integrated with tooling. Recommended actions: treat as sensitive content — remove from public/package distribution unless access controlled for authorized red-team use; audit repository history for distribution of evidence/artifacts; if found in a dependency, consider blocking/updating the dependency and conducting an organizational review for possible misuse.