testing-end-user

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill identifies and executes shell commands extracted from structured markdown fields (**Setup**, **Action**).
  • [REMOTE_CODE_EXECUTION]: By interpreting external data as executable instructions, the skill provides a mechanism for untrusted input to trigger arbitrary code execution on the host system.
  • [DATA_EXFILTRATION]: Includes instructions for capturing and aggregating sensitive host information, such as system logs (/var/log/app.log) and screenshots, into temporary files in /tmp/claude/ for reporting.
  • [PROMPT_INJECTION]: Employs "anti-rationalization" instructions to bypass safety checks or user interventions, mandating the execution of the full sequence regardless of perceived risks or shortcuts.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Risk Assessment (Category 8):
    • Ingestion points: Markdown files containing **TEST:** markers processed in TASK-PARSING.md.
    • Boundary markers: None (uses structural markers but lacks security boundaries to prevent instruction injection within data fields).
    • Capability inventory: Shell command execution, process termination (kill), screenshot capture, and arbitrary file reading (tail, cp) detailed in EVIDENCE-CAPTURE.md.
    • Sanitization: Absent (commands are extracted via regex and executed without further validation or escaping).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 18, 2026, 07:27 PM