skills/ljagiello/ctf-skills/ctf-misc/Gen Agent Trust Hub

ctf-misc

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides extensive documentation on shell escapes and command execution techniques, such as exploiting SUID binaries, utilizing the docker group for root access, and manipulating restricted bash environments using $0 and arithmetic expansion.
  • [REMOTE_CODE_EXECUTION]: Detailed instructions are provided for achieving code execution through deserialization vulnerabilities (Python marshal), template injection (XSLT), and service-specific features like PostgreSQL's COPY TO PROGRAM.
  • [DATA_EXFILTRATION]: Methods for exfiltrating data are described, including DNS tunneling, the use of bash's /dev/tcp virtual files, and specialized Unicode steganography using Variation Selectors or the Tags Block.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install several well-known security and data processing libraries (e.g., pwntools, z3-solver, Pillow) from official package registries to support challenge solving.
  • [PROMPT_INJECTION]: As the skill is designed to process untrusted data from CTF challenges (files, PCAPs, network responses) and has high execution capabilities, it presents a surface for indirect prompt injection. However, this is inherent to its purpose as a security research tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 10:32 PM