skills/lu1sdv/skillsmd/vuln-research/Gen Agent Trust Hub

vuln-research

Fail

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: CRITICAL
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill includes reference files (e.g., references/protocol-infra-attacks.md) that contain explicit examples of prompt injection payloads, such as "Ignore previous instructions" and system prompt extraction strings, used as educational data for security auditing.
  • [REMOTE_CODE_EXECUTION]: Multiple reference documents (e.g., references/cicd-supply-chain.md and references/sinks/php.md) contain functional code snippets for achieving remote code execution, including reverse shell commands (/dev/tcp bash sockets) and arbitrary command execution templates intended for proof-of-concept development.
  • [DATA_EXFILTRATION]: Reference materials provide templates for exfiltrating sensitive data (e.g., environment variables and credentials) to external attacker-controlled domains as part of exploit research documentation.
  • [COMMAND_EXECUTION]: The orchestration logic for the vuln-swarm command and the Agent Sweep methodology involves the execution of shell commands and the integration of external security tools like Semgrep, CodeQL, and Joern.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing and running third-party security toolchains, which may download external binaries or rule packs during the research process.
  • [PROMPT_INJECTION]: Category 8 Surface: Because this skill is designed to ingest and analyze untrusted source code repositories, it possesses a high attack surface for indirect prompt injection, where malicious code in a target repository could attempt to hijack the agent's reasoning logic.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 24, 2026, 03:23 PM