The Agent Skills Directory

[COMMAND_EXECUTION]: The skill extensively uses shell commands to automate reconnaissance workflows. This includes running security tools (such as subfinder, httpx, and nuclei), managing temporary files in /tmp/, and writing configurations to standard locations like ~/.config/subfinder/config.yaml and shell profiles (~/.zshrc).
[EXTERNAL_DOWNLOADS]: The skill fetches information from external sources including crt.sh and the ProjectDiscovery Chaos API to identify subdomains. It also includes instructions to install the trufflehog3 package from the standard Python package registry and to update nuclei templates.
[CREDENTIALS_UNSAFE]: The instructions guide the user on how to set up API keys for various security services. It uses placeholders (e.g., [YOUR_VT_KEY]) and follows standard practices for environment variable and configuration file management.
[DATA_EXFILTRATION]: While the skill is designed to collect data regarding external targets (reconnaissance), there is no evidence of unauthorized access to or exfiltration of the user's sensitive local data, such as private keys or environment secrets, to an external server.
[PROMPT_INJECTION]: The skill includes prioritization logic and procedural guidelines (e.g., "The 5-Minute Rule" and "Target Scoring") to focus agent efforts. These are standard instructional components and do not contain patterns intended to bypass safety filters or override core agent behavior.

web2-recon