exploiting-oauth-misconfiguration

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a Python script (scripts/agent.py) and various curl commands intended to automate the security assessment of OAuth 2.0 and OpenID Connect endpoints.
  • [EXTERNAL_DOWNLOADS]: The scripts/agent.py tool requires the requests package, which is a standard and well-known library from the official Python Package Index (PyPI).
  • [COMMAND_EXECUTION]: In scripts/agent.py, the requests library is used with verify=False across its functions (e.g., discover_oidc_config, test_redirect_uri_bypasses). This disables SSL/TLS certificate verification, which is a common practice in penetration testing tools to ensure compatibility with development or lab environments, though it is a deviation from general security best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 12:00 AM
Security Audit — agent-trust-hub — exploiting-oauth-misconfiguration