redteam-mindset
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions to override standard human-in-the-loop safety mechanisms. It directs the AI to 'not insert mid-engagement permission gates' and explicitly discourages the use of AskUserQuestion once a high-level initial mode has been selected, labeling such prompts as a 'stall'.
- [PROMPT_INJECTION]: The 'DO NOT STOP' directive instructs the agent to maintain execution autonomy and disregard potential safety-check requirements during its operation, specifically stating that 'authorization given at engagement start covers the entire engagement'.
- [PROMPT_INJECTION]: The skill outlines the ingestion of untrusted external content (including robots.txt, sitemaps, JS bundles, and decompiled APKs) which creates an attack surface for indirect prompt injection. The skill lacks instructions for implementing data sanitization or boundary markers to differentiate between instructions and data.
- Ingestion points: File paths like robots.txt, sitemap.xml, JS bundles, and APK content collected from target servers.
- Boundary markers: None identified in the instruction body.
- Capability inventory: The instructions imply high-privilege operations such as RCE, SQLi, and credential harvesting using external tools and referenced skills.
- Sanitization: No sanitization or validation logic is specified for the ingested content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill references the use of standard system utilities and package managers (such as brew and apt) to install third-party analysis tools like jadx during the engagement process.
Audit Metadata