http-host-header-attacks

SUSPICIOUS: the skill is internally coherent as a Host header attack playbook, but its actual function is to enable offensive exploitation by an AI agent, including token capture via Burp Collaborator and SSRF/vhost abuse. Main risk is offensive security capability and induced data exfiltration, not supply-chain behavior.