exploiting-idor-vulnerabilities

SUSPICIOUS: the skill is internally consistent as an offensive IDOR-testing guide, but that purpose itself is high risk for an AI agent because it enables exploit activity, credential handling, record enumeration, and potentially destructive requests. Install trust is mixed: Burp is official, while the named Burp extension is third-party with some provenance ambiguity. Not confirmed malware, but a high-risk offensive security skill.