performing-csrf-attack-simulation

SUSPICIOUS: The skill is internally consistent for a CSRF penetration-testing guide and mostly uses official tools, so it is not a credential-harvesting or supply-chain deception pattern. However, it gives an AI agent explicit offensive security procedures for exploiting authenticated sessions and validating attack success on real targets, which makes the overall risk high despite coherent purpose alignment.