performing-content-security-policy-bypass

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The agent.py script contains an indirect prompt injection surface because it retrieves and parses JSON data from a user-specified target API (/api/v1/results) and incorporates this untrusted data directly into a report that is then processed by the agent. This could allow a malicious target to influence the agent's behavior or conclusions through crafted responses.
  • Ingestion points: scripts/agent.py (lines 31-33) fetches and parses JSON content from external network sources.
  • Boundary markers: Absent; the script does not use delimiters or instructions to ignore embedded content when aggregating findings into the report.
  • Capability inventory: The skill demonstrates capabilities for network requests (requests.get) and shell command execution (via curl and grep examples in SKILL.md).
  • Sanitization: No validation, escaping, or filtering is applied to the incoming findings from the API before they are processed.
  • [DATA_EXFILTRATION]: The agent.py script uses the requests library to perform network operations to arbitrary user-provided targets. It specifically includes the ability to transmit an Authorization bearer token to these external domains. While designed for authenticated scanning, this functionality establishes a path for data exposure to non-whitelisted external endpoints.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:39 AM