Production hardening: security fixes, code quality, 724 skills complete

- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files

skills/performing-csrf-attack-simulation/scripts/agent.py

@@ -1,4 +1,7 @@
 #!/usr/bin/env python3
+# For authorized penetration testing and educational environments only.
+# Usage against targets without prior mutual consent is illegal.
+# It is the end user's responsibility to obey all applicable local, state and federal laws.
 """
 CSRF Attack Simulation Agent — AUTHORIZED TESTING ONLY
 Tests web applications for Cross-Site Request Forgery vulnerabilities by
@@ -7,14 +10,12 @@ analyzing anti-CSRF protections and generating proof-of-concept payloads.
 WARNING: Only use with explicit written authorization for the target application.
 """
 
-import json
 import re
 import sys
 from datetime import datetime, timezone
-from urllib.parse import urlparse, parse_qs
+from urllib.parse import urlparse
 
 import requests
-from requests.cookies import RequestsCookieJar
 
 
 def analyze_csrf_protections(url: str, session: requests.Session = None) -> dict: