The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes multiple shell commands such as curl, grep, and rm. These commands are constructed using variables like $TARGET, $H, $SESSION_COOKIE, and $TOKEN. A lack of proper sanitization or escaping of these variables before they are interpreted by the shell creates a significant risk of command injection if the input data originates from an untrusted source.
[EXTERNAL_DOWNLOADS]: The skill initiates automated network requests to external infrastructure via curl to perform fingerprinting and check credential validity. This involves interacting with and retrieving content from remote hosts specified in the target configuration.
[CREDENTIALS_UNSAFE]: Sensitive authentication data, including session cookies and bearer tokens, are passed directly as command-line arguments to curl. This practice can lead to the exposure of credentials in system logs, process lists, or command history, even though the skill's instructions state they should not be persisted.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because its control flow is influenced by data retrieved from external sources.
Ingestion points: Reads host information from recon/$TARGET/live-hosts.txt and retrieves HTTP headers and landing-page HTML from external target hosts.
Boundary markers: No boundary markers or 'ignore' instructions are present to distinguish between trusted instructions and untrusted data.
Capability inventory: The skill can execute shell commands and dynamically load/invoke other platform-specific security tools.
Sanitization: No sanitization or validation is performed on the data retrieved from external hosts before it is used to determine which additional skills to invoke.

hunt-dispatch