performing-fuzzing-with-aflplusplus

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py executes AFL++ utility binaries such as afl-cc, afl-cmin, and afl-fuzz. It uses subprocess.run with list-based arguments, which is the recommended method to prevent shell injection vulnerabilities.
  • [COMMAND_EXECUTION]: The instrument_target function allows the execution of a user-specified compiler binary. While this is a functional requirement for a fuzzing tool, it represents a point where local binaries are invoked based on configuration.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external data.
    • Ingestion points: Reads local file paths and contents from the fuzzing output directory in scripts/agent.py.
    • Boundary markers: No explicit delimiters or instructions are used to separate untrusted data.
    • Capability inventory: Subprocess execution of local binaries in scripts/agent.py.
    • Sanitization: Uses safe subprocess call patterns but does not validate the content of the files processed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 12:22 AM