The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill references the official SecLists repository on GitHub, which is a widely recognized and trusted resource within the cybersecurity community for penetration testing and research data.
[REMOTE_CODE_EXECUTION]: Contains payload files like Hello.php%00World.txt that include PHP code (<?php phpinfo(); ?>). These are intended as data for testing file upload vulnerabilities and are not executed by the agent or the skill's infrastructure.
[EXTERNAL_DOWNLOADS]: Includes the EICAR standard antivirus test file (eicar-com.txt). This file is a non-malicious string used globally to verify antivirus software functionality; while it triggers security alerts, it is harmless by design.
[COMMAND_EXECUTION]: Includes filenames such as $(hostname) and `hostname` designed to test for command injection vulnerabilities in target systems that process filenames unsafely.

security-payloads