The Agent Skills Directory

[DATA_EXFILTRATION]: The skill provides automated scripts and manual instructions to target and read highly sensitive system files.
Evidence:
Accesses system configuration and credential files: /etc/shadow, /home/user/.ssh/id_rsa, /var/www/html/.env, and C:\Windows\System32\drivers\etc\hosts (found in SKILL.md and scripts/agent.py).
Targets process environment data via /proc/self/environ, which often contains API keys and credentials.
[COMMAND_EXECUTION]: The skill documents and automates techniques to escalate file inclusion vulnerabilities to Remote Code Execution (RCE) on target systems.
Evidence:
Instructions for log poisoning using PHP system commands (e.g., <?php system($_GET['cmd']); ?>) in SKILL.md.
Automation of PHP wrapper exploitation using php://input, expect://id, and data:// protocols in scripts/agent.py.
[EXTERNAL_DOWNLOADS]: The skill references and relies on several third-party security tools and wordlists.
Evidence:
Instructions to install dotdotpwn using apt install.
References to ffuf, Burp Suite Professional, and SecLists wordlists from external GitHub repositories.
[PROMPT_INJECTION]: The script processes external data from untrusted network sources which could lead to indirect prompt injection if the target server returns malicious content that is subsequently processed by the agent.
Evidence:
Ingestion points: resp.text from requests.get() calls in scripts/agent.py is read directly and substrings are included in generated reports.
Boundary markers: None identified; response content is processed without encapsulation or warnings to the LLM.
Capability inventory: The script performs network requests (requests.Session().get) and generates technical reports.
Sanitization: No sanitization or filtering is applied to the response body before searching for indicators or including it in the report logic.

performing-directory-traversal-testing