The Agent Skills Directory

[COMMAND_EXECUTION]: The skill contains a Python script and a curl probe for performing network reconnaissance. The script uses standard Python libraries (socket, ssl, struct) to interact with remote NTLM-enabled endpoints and parse binary protocol data. The implementation uses repr() formatting for its console output to escape non-printable characters from the server response.
[DATA_EXFILTRATION]: The skill is designed to collect and display information leaked by remote servers (such as internal AD forest names and server hostnames). It does not access or exfiltrate sensitive local data, such as private keys or environment variables, from the user's environment.
[PROMPT_INJECTION]: The skill processes untrusted data from a remote server's HTTP headers (Category 8: Indirect Prompt Injection). 1. Ingestion points: The WWW-Authenticate header value is retrieved from the target host and processed by the script in SKILL.md. 2. Boundary markers: The script uses Python's repr (!r) formatting for output, which serves as a boundary by escaping non-printable characters. 3. Capability inventory: The skill describes using the retrieved information for subsequent reconnaissance or credential testing steps. 4. Sanitization: Values are decoded from Base64 and unpacked using fixed-length struct patterns; string outputs are sanitized via the repr representation.

hunt-ntlm-info