xss-html-injection

High-risk offensive security skill. Its capabilities are internally consistent with its stated purpose, but that purpose is to enable an AI agent to perform exploit development, credential theft demonstrations, session hijacking, phishing-style injection, and data exfiltration against web applications. No suspicious installer or third-party credential-forwarding pattern is present, so this is not confirmed malware, but it materially increases offensive abuse potential and should be treated as dangerous.