smtp-penetration-testing

This skill is a dual-use SMTP penetration-testing guide that accurately documents techniques to discover and exploit SMTP misconfigurations (banner grabbing, VRFY/EXPN/RCPT enumeration, open-relay testing, brute-force authentication, TLS checks, and SPF/DKIM/DMARC analysis). The capabilities described are consistent with the stated purpose (penetration testing), so purpose-capability alignment is intact. However, the guidance includes concrete, runnable offensive commands (including brute force and open-relay exploitation) that could be misused or cause harm if executed without strict authorization and controls. There are no signs of embedded credential harvesting, third-party exfiltration endpoints, or obfuscated/malicious payloads in the provided content. Primary risks are operational: autonomy abuse (an agent executing these steps unattended), misuse by untrained operators, and collateral impact from sending/spamming external recipients during relay tests. Recommend treating this skill as high-risk to run automatically: require explicit human authorization and auditing before any execution, prefer safe lab targets, and apply rate-limiting and logging when performing actions.