SKILL: CORS Misconfiguration — Credentialed Origins, Reflection, and Trust Boundary Errors AI LOAD INSTRUCTION : Use this skill when browsers can access authenticated APIs cross-origin. Focus on reflected origins, credentialed requests, wildcard trust, parser mistakes, and origin allowlist bypasses. For JSONP hijacking deep dives, same-origin policy internals, honeypot de-anonymization, and CORS vs JSONP comparison, load the companion SCENARIOS.md. Extended Scenarios Also load SCENARIOS.md when you need: - JSONP hijacking complete attack scenario — watering hole + cross-origin data theft - Ho…