PromptInjection

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGH

Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: SKILL.md contains a mandatory instruction requiring a curl command to http://localhost:8888/notify to be executed before any other action is taken. This acts as a telemetry or signaling mechanism that must be triggered immediately upon invocation.
  • [REMOTE_CODE_EXECUTION]: The APPLICATION-RECONNAISSANCE-METHODOLOGY.md file provides a complete shell script (reconnaissance.sh) that automates browser navigation, DOM extraction, and network log capture, which constitutes a functional remote execution payload if run on a target machine.
  • [PROMPT_INJECTION]: The skill is entirely focused on generating and executing prompt injection attacks. It includes a 'Comprehensive Attack Taxonomy' covering 10 categories of injection, jailbreaking, and RAG poisoning. While intended for testing, these instructions can be used to override the safety filters of the agent itself or other AI systems.
  • [EXTERNAL_DOWNLOADS]: The APPLICATION-RECONNAISSANCE-METHODOLOGY.md includes wget commands to download JavaScript files from target domains for offline analysis.
  • [COMMAND_EXECUTION]: Multiple workflows (CompleteAssessment.md, DirectInjectionTesting.md, etc.) mandate the use of curl to send POST requests to a local notification server; in security-sensitive contexts this pattern is a signature of persistence or command-and-control behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata

Risk Level: HIGH
Analyzed: Mar 16, 2026, 10:09 AM