---
name: pentest-input-protocol-manipulation
description: "Security assessment skill for input validation abuse and protocol-level manipulation. Use when prompts include injection, parser differential testing, request smuggling, method tampering, header confusion, serialization abuse, or payload mutation for exploitability testing. Do not use when the task is mainly authz boundary review, business workflow abuse, or report synthesis."
---

# Input & Protocol Manipulation

## Activation Triggers (Positive)

- `injection`
- `payload mutation`
- `parser confusion`
- `method tampering`
- `header smuggling`
- `deserialization`
- `request splitting`

## Exclusion Triggers (Negative)

- `idor`
- `role escalation`
- `workflow bypass`
- `final reporting`

## Output Schema

- Test matrix: `vector`, `payload class`, `expected secure behavior`, `observed behavior`
- Validation state: `hypothesis`, `confirmed`, `rejected`
- Minimal reproducible request set

## Instructions

1. Identify the parser or protocol boundary being tested before crafting payloads.
2. Start with low-noise capability checks, then increase payload complexity only when signal appears.
3. Compare positive and negative controls for every high-impact claim.
4. Separate parser anomalies from exploitable security outcomes.
5. Record exact request transformations required to reproduce behavior.
6. Escalate to exploit execution only after deterministic primitive confirmation.

## Should Do

- Use structured payload families and deterministic sequencing.
- Preserve request/response evidence with context and timing.
- Keep tests bounded and reversible by default.

## Should Not Do

- Do not treat status-code differences alone as confirmed vulnerabilities.
- Do not pivot into business logic or access-control verdicts without dedicated validation.
- Do not overfit payload strategy to one stack without cross-checking parser behavior.
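
One way to gate the Output Schema's validation state on the rules in Instructions and Should Not Do, as an added example that is not part of the original skill. The `Response` fields, the `min_repeats` threshold and the sample row are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Response:
    status: int
    body_sha256: str           # digest of the stored response body (evidence)
    security_effect: str = ""  # tester's note on a demonstrated security outcome; "" = none

@dataclass
class MatrixRow:               # one row of the test matrix from the Output Schema
    vector: str
    payload_class: str
    expected_secure_behavior: str
    observed_behavior: str
    runs: list = field(default_factory=list)  # (negative_control, test) Response pairs

def diff(control, test):
    """Names of the Response fields on which the test differs from its control."""
    return frozenset(f for f in ("status", "body_sha256", "security_effect")
                     if getattr(control, f) != getattr(test, f))

def validation_state(row, min_repeats=3):
    """Return (state, reason); state is hypothesis, confirmed or rejected."""
    if not row.runs:
        return "hypothesis", "no control/test pairs recorded"
    diffs = {diff(c, t) for c, t in row.runs}
    if len(diffs) > 1:
        return "hypothesis", "behaviour is not deterministic across runs"
    if len(row.runs) < min_repeats:
        return "hypothesis", f"fewer than {min_repeats} repeats"
    only = next(iter(diffs))
    if not only:
        return "rejected", "test request is indistinguishable from the control"
    if only == {"status"}:
        return "hypothesis", "status-code difference alone"
    if "security_effect" not in only:
        return "hypothesis", "parser anomaly without a demonstrated security outcome"
    return "confirmed", "deterministic difference with a demonstrated security outcome"

# Constructed sample: the same control/test pair observed three times.
CONTROL = Response(200, "aa11")
STATUS_ONLY = MatrixRow("header confusion", "duplicate header",
                        "same handling as the control request",
                        "status 400 instead of 200, identical body",
                        runs=[(CONTROL, Response(400, "aa11"))] * 3)

if __name__ == "__main__":
    print(validation_state(STATUS_ONLY))
```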