The Agent Skills Directory

[COMMAND_EXECUTION]: The skill facilitates the execution of multiple external security tools, including nmap, whatweb, wafw00f, nuclei, and httpx, which are used to perform active reconnaissance against target URLs provided by the user.\n- [REMOTE_CODE_EXECUTION]: The script scripts/fingerprint_storage.py uses dynamic path modification by inserting a computed relative path (../../results-storage/scripts) into sys.path to load the storage_api module. This dynamic loading pattern is a security concern as it relies on specific local directory structures and bypasses standard Python module resolution.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from external websites via scripts/tech_matcher.py, scripts/waf_detector.py, and scripts/extract_headers.py. There are no boundary markers or delimiters used to isolate this content within the agent's context. Given the skill's capabilities to execute system commands, the lack of sanitization beyond regex-based pattern matching poses a risk if an attacker can control the content of the fingerprinted target.

recon-fingerprint