The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes curl commands to interact with a user-defined $TARGET. These commands are standard network diagnostic and security testing tools used for fingerprinting web servers and testing API endpoints.
[REMOTE_CODE_EXECUTION]: While the skill contains payloads designed to trigger Remote Code Execution (RCE) on a target (e.g., prototype pollution and template injection strings), these are instructional examples meant to be sent to an external system for testing purposes. There is no evidence of code execution on the agent's local environment. The automated alert regarding a pipe to 'node' is a false positive; the instruction uses grep to search for the string 'node' in headers, not to execute the node binary.
[DATA_EXFILTRATION]: The skill includes patterns for exfiltrating sensitive environment variables from a remote target via Local File Inclusion (LFI) to /proc/self/environ. This is a documented vulnerability research technique and does not involve the exfiltration of the user's or agent's own local data.

hunt-nodejs