exploit-xss

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes external security scanners (Dalfox, XSStrike, XSpear) via subprocess.run calls in scripts/xss_full_scan.py. This is standard behavior for a security orchestration tool.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) because it fetches and processes HTML from untrusted external URLs.
      • Ingestion points: Untrusted content enters the agent's context through scripts/xss_tester.py, scripts/xss_context_analyzer.py, and scripts/mxss_detector.py.
      • Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands when processing target data.
      • Capability inventory: The agent possesses network access (requests), command execution (subprocess), and database write capabilities (xss_storage.py).
      • Sanitization: The code extracts data using BeautifulSoup but does not sanitize the text for potential instructions targeting the LLM.
  • [EXTERNAL_DOWNLOADS]: The skill performs HTTP GET/POST requests to fetch content from target URLs for analysis.
  • [SAFE]: Static analysis flags Base64 patterns in scripts/blind_xss_tester.py and assets/waf_bypass_payloads.txt. Manual decoding reveals these are benign XSS test strings (e.g., 'alert(1)') rather than malicious code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 07:52 AM