Business logic and workflow abuse assessment for state-machine manipulation, race conditions, replay, quota abuse, order-of-operations flaws, delegated execution abuse, and unauthorized state transitions. Hands off to recon, input/protocol, exploit, or reporting workflows when those become the owner phase.
설치
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Business logic and workflow abuse assessment for state-machine manipulation, race conditions, replay, quota abuse, order-of-operations flaws, delegated execution abuse, and unauthorized state transitions. Hands off to recon, input/protocol, exploit, or reporting workflows when those become the owner phase.
Business Logic Abuse
Use When
The main question is workflow bypass, race condition, replay, quota abuse, confused deputy behavior, or unauthorized state transition.
A mapped workflow has meaningful business impact if steps are reordered, skipped, repeated, or delegated.
Handoff Criteria
Hand off to pentest-web-application-logic-mapper when the workflow is not mapped well enough to test.
Hand off to pentest-input-protocol-manipulation when parser or payload behavior becomes the main blocker.
Hand off to pentest-exploit-execution-payload-control only after a deterministic business-logic primitive exists.