client-side
Audited by Socket on Apr 20, 2026
6 alerts found:
Anomaly, Security x4, Malware
This fragment is not normal dependency implementation code; it is a highly weaponized prototype-pollution exploitation cheat sheet containing actionable payloads for XSS, auth/feature-flag bypass, server-side RCE/process spawning, reverse shell patterns, and data exfiltration. While it does not itself prove a backdoor or active malware execution, its inclusion in a distributed package/artifact would be a significant supply-chain red flag and should trigger deeper review of the actual dependency package files (entrypoints, postinstall scripts, and runtime behavior).
SUSPICIOUS: the skill is coherent with its stated purpose, but that purpose is to equip an AI agent with offensive web-security testing capabilities. There is no evidence of credential theft, covert exfiltration, or malicious installer behavior in the provided text, but the exploit-oriented scope makes it high security risk as an agent skill.
This fragment is an offensive, weaponized clickjacking/XSS cheat sheet with explicit exploit templates, frame-bypass considerations, and payload examples that demonstrate attacker-controlled data exfiltration and external hook/script loading. While it is not a typical software dependency implementation with runtime persistence, packaging or distributing this content presents a severe supply-chain misuse risk and strongly aligns with malicious intent.
This fragment is offensive, dual-use documentation that provides step-by-step workflows and ready-to-use prototype pollution payloads aimed at client-side XSS and server-side privilege escalation/RCE-like behavior, including out-of-band verification guidance. It does not show executable malware or persistence within the fragment itself, but it meaningfully facilitates exploitation and should be treated as high-risk content if present in distributed packages or developer tooling.
This fragment is high-risk offensive material: an exploitation and payload reference for credentialed CORS misconfiguration that instructs how to harvest authenticated API responses and exfiltrate them to attacker infrastructure. There is no evidence of self-executing malware/backdoor behavior in the snippet itself, but distributing this as part of a software dependency significantly elevates misuse risk.
This fragment is explicitly malicious/adversarial content: it provides actionable XSS exploitation payloads and workflows for cookie/session theft, password/clipboard/keylogging capture, CSRF-to-account-takeover chaining via token extraction, internal network scanning, data exfiltration, UI phishing/defacement, and remote hook loading. If present within a software supply chain dependency, it represents an extremely high security risk and strong malware/abuse intent indicator. Obfuscation is not apparent; the danger is the direct offensive payload nature.