exploiting-vulnerabilities-with-metasploit-framework

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py script executes nmap and msfconsole using the subprocess module to perform scanning and module searches as part of its intended functionality.
  • [COMMAND_EXECUTION]: The SKILL.md instructions include commands using sudo for system service management, such as starting the PostgreSQL database and initializing the Metasploit database.
  • [PROMPT_INJECTION]: The skill's ingestion of external scan results from Nessus files and CSV reports creates a surface for potential indirect prompt injection attacks. Evidence:
      1. Ingestion: db_import in SKILL.md and pd.read_csv in scripts/process.py.
      2. Boundary markers: Absent.
      3. Capability inventory: subprocess calls and Metasploit RPC execution.
      4. Sanitization: Absent.
  • [COMMAND_EXECUTION]: The agent dynamically generates and executes Metasploit resource scripts (.rc) based on user input to automate command sequences in msfconsole.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates remote code execution against target systems using Metasploit modules for the purpose of validating identified vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The scripts/process.py script disables SSL certificate verification (verify=False) when connecting to the Metasploit RPC API. This is a common practice in controlled testing environments, but it bypasses standard security validation of the connection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 6, 2026, 09:41 PM