performing-security-testing

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The shell script assets/nmap_scan_template.sh is vulnerable to command injection through the use of eval. This allows an attacker who can influence the target or port parameters to execute arbitrary code on the host system.
    • Evidence: The script at assets/nmap_scan_template.sh constructs the $NMAP_COMMAND variable using unvalidated inputs from command-line arguments (e.g., TARGET="$1" at line 108 and PORTS="-p $OPTARG" at line 77) and subsequently executes it using eval $NMAP_COMMAND at line 116.
  • [PROMPT_INJECTION]: The skill design presents a surface for indirect prompt injection because it is designed to ingest and parse untrusted data from external security scanner outputs.
    • Ingestion points: scripts/report_parser.py (referenced in documentation) and the main workflow in SKILL.md process results from Nmap, Nessus, and other scanners.
    • Boundary markers: None. There are no instructions or markers telling the agent to treat the scanner output as untrusted data or to ignore instructions embedded within those outputs.
    • Capability inventory: The agent has extensive capabilities including Bash(test:security-*), Write, Edit, Grep, and Glob, which could be abused if an injection is successful.
    • Sanitization: No evidence of output sanitization or validation is provided for the data entering the agent's context from these tools.
  • [SAFE]: The skill's instructions recommend the use of reputable, well-known security tools such as Semgrep, Bandit, Gitleaks, and Trivy for their intended defensive purposes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 9, 2026, 02:11 AM
Security Audit — agent-trust-hub — performing-security-testing