Find business logic vulnerabilities

sast-businesslogic skill setup L30
reasonless-throne486/sast-skills
What it does

Detect business logic vulnerabilities in code

Best for

Finding exploitable gaps in payment, workflow, and authorization logic that scanners miss

Inputs
  • Codebase under analysis
  • sast/architecture.md (run sast-analysis first)
Outputs
  • sast/businesslogic-results.md with findings
  • Consolidated batch results from subagents
Preconditions
  • sast/architecture.md must exist
  • sast-analysis skill must run first
Failure modes
  • Missing architecture.md causes skill to abort
  • Incomplete threat modeling misses attack scenarios
  • Race condition flaws require concurrent request testing
Trust signals
  • Three-phase approach: threat modeling + batched verify + merge
  • Covers 9 attack categories with concrete examples
  • Uses subagents for parallel exploitation testing