Gen Agent Trust Hub audit of the skill ctf-ai-ml (skills/ljagiello/ctf-skills/ctf-ai-ml)

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains numerous examples of prompt injection and jailbreaking payloads (e.g., 'Ignore previous instructions', 'DAN' mode) within llm-attacks.md and SKILL.md. These are explicitly provided as educational reference materials for users to test against competition targets. An indirect prompt injection surface is documented in llm-attacks.md where a payload is embedded in a hidden HTML div; this is a demonstration case for research purposes. Ingestion point: Skill file reading. Boundary markers: HTML tags. Capability inventory: Bash, Task, WebFetch. Sanitization: None.
  • [EXTERNAL_DOWNLOADS]: Documents the installation of standard and reputable machine learning libraries including torch, transformers, numpy, scipy, scikit-learn, Pillow, and safetensors from official package registries.
  • [REMOTE_CODE_EXECUTION]: Example commands for model analysis use torch.load(). Although this function is a known unsafe-deserialization vector (it is pickle-based and can execute arbitrary code when loading an untrusted file), it is used here as a standard tool for inspecting local challenge files supplied by the user.
  • [COMMAND_EXECUTION]: Provides various Python one-liners and scripts for inspecting model formats, comparing weights, and implementing adversarial attacks such as FGSM and PGD.
  • [DATA_EXFILTRATION]: Includes placeholders for interacting with remote CTF challenge endpoints using curl and the Python requests library (e.g., http://target:8080/api/chat).
  • [COMMAND_EXECUTION]: Implements several obfuscation techniques (Base64, zero-width characters, homoglyphs) in Python functions as part of its educational modules on evasion attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 09:57 AM