The Agent Skills Directory

[PROMPT_INJECTION]: The skill introduces an indirect prompt injection surface by processing untrusted output from external targets through its reporting and parsing scripts.\n
Ingestion points: Untrusted data enters the context via scan result files such as critical-findings.jsonl and scan-results.jsonl.\n
Boundary markers: The instructions and scripts do not implement delimiters or 'ignore' instructions to prevent the agent from executing commands potentially embedded in vulnerability findings.\n
Capability inventory: The skill can execute shell commands (nuclei), perform arbitrary network probes, and write results to the file system.\n
Sanitization: There is no evidence of sanitization or verification of external data before it is interpolated into reports or parsed by the provided utility scripts.\n- [EXTERNAL_DOWNLOADS]: Fetches the Nuclei scanning binary and its 7,000+ community-maintained templates from ProjectDiscovery's official GitHub and Docker repositories.\n- [COMMAND_EXECUTION]: Orchestrates the operation of the Nuclei security tool and various helper scripts for CI/CD integration, bulk scanning, and result analysis.\n- [SAFE]: Employs secure configuration patterns by managing authentication tokens, session cookies, and notification webhooks through environment variables instead of hardcoded values.

dast-nuclei