exploiting-ms17-010-eternalblue-vulnerability

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py executes the nmap command-line utility via subprocess.check_output to perform vulnerability scans against target systems. Additionally, references/workflows.md provides specific commands for establishing persistence on compromised hosts using Meterpreter.
  • [REMOTE_CODE_EXECUTION]: The skill is specifically designed to facilitate remote code execution on vulnerable systems. It provides functional Python scripts for vulnerability verification and comprehensive documentation for using the Metasploit Framework to achieve RCE via the EternalBlue vulnerability.
  • [EXTERNAL_DOWNLOADS]: The scripts/process.py script identifies dependencies on external Python packages such as impacket and rich, which are required for SMB protocol interaction and reporting. The documentation also references the use of external tools like msfconsole and crackmapexec.
  • [DATA_EXFILTRATION]: The skill includes detailed instructions and commands for harvesting sensitive data from compromised remote systems, such as dumping memory-resident credentials, password hashes, and Kerberos tickets using Metasploit modules like kiwi and hashdump.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its processing of untrusted input data:
      • Ingestion points: Target identifiers (IP addresses and CIDR ranges) are ingested via command-line arguments in scripts/agent.py and scripts/process.py.
      • Boundary markers: Absent. The skill does not implement delimiters or safety instructions to prevent the agent from being influenced by potentially malicious content embedded in target data strings.
      • Capability inventory: The skill utilizes raw network sockets for protocol negotiation and subprocess to execute external binary tools.
      • Sanitization: The scripts/process.py file uses the ipaddress library to validate CIDR format, providing basic structural validation for network input.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 10, 2026, 08:32 AM