testing-for-broken-access-control

SUSPICIOUS: the skill is purpose-aligned as a broken-access-control testing guide, and its tool references are mostly legitimate, but it gives an AI agent offensive security capabilities with authenticated enumeration and state-changing attack workflows. There is no strong evidence of malware or covert exfiltration, yet the operational risk is high because the skill can be used to probe or exploit real systems if authorization is absent or misrepresented.