The Agent Skills Directory

[SAFE]: The skill is intended for security education and authorized penetration testing, with all procedures and scripts aligned with these objectives.
[COMMAND_EXECUTION]: Provides standard command-line examples for API testing using common utilities like curl and jq. The instructions are transparent and follow industry standards for security assessments.
[DATA_EXFILTRATION]: The automation script (scripts/agent.py) performs network operations only on user-defined targets and does not transmit data to unauthorized external servers.
[REMOTE_CODE_EXECUTION]: No remote code execution or untrusted script download patterns were detected. The skill references well-known security tools like Burp Suite and Nuclei but does not attempt to install them through unsafe methods.
[CREDENTIALS_UNSAFE]: The skill uses placeholders for sensitive data such as authentication tokens and does not contain hardcoded credentials.

exploiting-mass-assignment-in-rest-apis