prototype-pollution-advanced

Warn

Audited by Socket on Apr 9, 2026

2 alerts found:

Anomaly (LOW)
KNOWN_GADGETS.md

This fragment is not a functional library; it is a prototype-pollution gadget/weaponization reference containing explicit RCE (child_process/NODE_OPTIONS) and XSS payload targeting and build-chain sabotage guidance. While it does not execute by itself here, its distribution in a dependency would be a significant supply-chain concern and warrants review of the broader package contents and provenance for any actual exploit/runtime behavior.

Confidence: 72%, Severity: 62%

Security (MEDIUM)
SKILL.md

SUSPICIOUS/HIGH-RISK skill. Its footprint is coherent with an offensive security playbook, but that stated purpose itself gives an AI agent concrete exploit capability for RCE and XSS against external targets. No clear credential theft or covert exfiltration is present in the text, so this is not confirmed malware, but it is a high-risk exploit skill with added transitive-skill and external-tool trust concerns.

Confidence: 95%, Severity: 90%

Audit Metadata

Analyzed At: Apr 9, 2026, 01:14 PM
Package URL: pkg:socket/skills-sh/yaklang%2Fhack-skills%2Fprototype-pollution-advanced%2F@c6a78f055be7e24da3bc16741a73bee56f05b7fb