杠精 Gangjing

The 'gangjing' skill is a red-teaming and code-review tool designed to identify vulnerabilities through contrarian analysis and automated testing. It includes a functional test harness (harness.py and harness.js in templates/attack-engine-kit.md) that dynamically loads and executes code from the user's workspace to verify security flaws using a library of injection payloads (SQLi, Command Injection, Path Traversal) defined in attack-patterns.md. While the skill incorporates safety constraints—such as path validation to prevent out-of-bounds access and process isolation for execution—the inherent capability to execute arbitrary code and generate malicious inputs constitutes a high-risk dual-use tool. No evidence of intentional malice, such as credential theft or data exfiltration, was found.