hunt-api-misconfig
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an instructional resource for security professionals. All code snippets (Python, JavaScript, Bash) are static examples that illustrate vulnerability classes such as Mass Assignment, JWT Algorithm Confusion, and Prototype Pollution, for use when testing targets.
- [EXTERNAL_DOWNLOADS]: The documentation references multiple high-reputation security research sources, including HackerOne reports, PortSwigger, the official OWASP site, and vendor-specific advisories (F5, Microsoft). These are used correctly as citations for documented vulnerabilities and do not represent a threat.
- [COMMAND_EXECUTION]: Example CLI commands (e.g., curl and jq) are provided within markdown blocks as templates for users to perform reconnaissance or vulnerability validation. These commands are not automatically executed by the agent and do not target the host environment.
- [PROMPT_INJECTION]: No evidence of prompt injection or attempts to override system safety guidelines was found. The metadata and instructional content are consistent with the stated purpose of a security auditing tool.
Audit Metadata