python-debugging

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The scripts/debugger.py script implements an eval command that utilizes the Python eval() and exec() functions to run arbitrary code snippets provided via the command line. This allows for the execution of any Python command within the context of the debugged application.
  • [COMMAND_EXECUTION]: The start functionality in scripts/debugger.py uses the compile() function to prepare and then execute arbitrary local Python scripts. This enables the agent to run any Python file on the filesystem under the debugger's control.
  • [DATA_EXFILTRATION]: The skill provides deep inspection capabilities for local and global variables through the locals, globals, and inspect commands. This allows for the harvesting of potentially sensitive information, such as environment variables, configuration secrets, or credentials that may be present in the memory of the debugged process.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it processes and executes content from external scripts without isolation.
      • Ingestion points: The skill reads and executes code from arbitrary local files provided as arguments to the start command in scripts/debugger.py.
      • Boundary markers: None present. The skill executes the file content directly.
      • Capability inventory: The skill has the power to execute arbitrary code (eval, exec, compile), fork processes (os.fork), read files (open), and perform IPC (socket).
      • Sanitization: No sanitization or safety checks are performed on the script content or the evaluation expressions before execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 16, 2026, 01:24 PM