conducting-social-engineering-pretext-call

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's documentation in SKILL.md guides the user to perform reconnaissance using command-line tools such as theHarvester for gathering employee information from sources like LinkedIn.
  • [EXTERNAL_DOWNLOADS]: The skill references standard and well-known Python libraries, specifically requests, twilio, and Jinja2, for managing calls and rendering report templates. These are legitimate tools for the skill's stated purpose of auditing security awareness.
  • [PROMPT_INJECTION]: The Python scripts (scripts/agent.py and scripts/process.py) process external data from JSON files containing target lists and campaign results. This is an indirect prompt injection surface: malicious content in the input files could manipulate the agent's analysis or the content of generated reports.
      • Ingestion points: Untrusted data enters the context through json.load() calls in scripts/agent.py for the target and results files.
      • Boundary markers: The scripts do not use explicit delimiters or instructions to the agent to distinguish the untrusted data from the reporting logic.
      • Capability inventory: The scripts perform local file operations (reading JSON and writing JSON/CSV) and console output; no autonomous network exfiltration or system-level modification is implemented in the provided Python code.
      • Sanitization: No input validation or sanitization is performed on the ingested JSON fields before they are written into reports or printed summaries.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 06:26 PM