exploiting-http-request-smuggling

SUSPICIOUS. The skill is internally consistent as a penetration-testing skill, but its actual function is to equip an AI agent with offensive web exploitation techniques that can harm live users and bypass access controls. Install trust is mixed: official Burp/curl references are normal, but unpinned GitHub-source security tools increase supply-chain risk. No hidden credential harvesting or unrelated data exfiltration path is evident, so this is better classified as high-risk offensive capability rather than confirmed malware.