exploit-lfi
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides shell commands for using curl, ffuf, and custom Python scripts to perform LFI attacks and execute system commands on target servers.
- [DATA_EXFILTRATION]: The tool is designed to extract sensitive information from targets, including system files like /etc/passwd and /etc/shadow, SSH private keys, and web application configuration files such as .env and wp-config.php.
- [EXTERNAL_DOWNLOADS]: The documentation instructs users to install external tools such as ffuf from GitHub repositories using the go install command.
- [REMOTE_CODE_EXECUTION]: The skill contains detailed instructions and automated scripts for achieving remote code execution on targets via log poisoning, /proc/self/environ injection, and the exploitation of PHP wrappers like php://input and data://.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes and displays unsanitized data from target server responses.
  1. Ingestion points: target response body in scripts/lfi_detector.py and scripts/lfi_exploiter.py.
  2. Boundary markers: Absent.
  3. Capability inventory: network requests via the requests library and local file-writing operations.
  4. Sanitization: Absent.
Audit Metadata