hunt-lfi

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGH
Categories: DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill explicitly instructs the agent to access and read highly sensitive system files and credentials as part of its methodology.
      • Evidence: The "Sensitive Files to Read" section targets critical paths including ~/.aws/credentials, ~/.ssh/id_rsa, /etc/shadow, and various cloud environment secrets.
      • It also describes Out-of-Band (OOB) exfiltration techniques using tools like Burp Collaborator to verify data access.
  • [REMOTE_CODE_EXECUTION]: The skill methodology involves the download and execution of external code from the internet.
      • Evidence: Phase 4 instructs the agent to clone a repository from GitHub (synacktiv/php_filter_chain_generator) and execute the contained Python script.
      • The skill also details multiple methods for achieving remote code execution (RCE) on target systems, such as PHP filter chains and log poisoning.
  • [COMMAND_EXECUTION]: The skill relies on executing a variety of command-line utilities for reconnaissance and exploitation.
      • Evidence: It utilizes tools like ffuf, wfuzz, dotdotpwn, and gf for automated scanning and traversal testing.
      • It includes shell commands for manipulating HTTP headers and interacting with server logs to achieve payload execution.
  • [PROMPT_INJECTION]: The skill's workflow creates a surface for indirect prompt injection by processing untrusted data from external targets.
      • Ingestion points: Data entering the agent context includes target server responses, retrieved file contents (e.g., via php://filter), and OOB callback data.
      • Boundary markers: The skill does not implement delimiters or safety instructions to prevent the agent from obeying instructions embedded in the retrieved data.
      • Capability inventory: The agent has access to bash for tool execution, curl for network requests, and python3 for script execution.
      • Sanitization: There is no evidence of validation or sanitization of external content before it is processed or used in subsequent commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 13, 2026, 04:05 PM