performing-web-application-penetration-test

SUSPICIOUS/HIGH-RISK skill. Its stated purpose is coherent, but it grants an AI agent explicit offensive security capabilities against web applications, including exploit development, fuzzing, auth abuse, and callback-based testing. There is no strong sign of malware or deceptive credential harvesting, yet the operational risk is high because the skill could be misused against unintended targets and can collect sensitive application data during execution.