performing-privilege-escalation-assessment

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py performs automated system enumeration by executing shell commands via the subprocess module to identify potential escalation vectors.
      • Evidence: The _run method utilizes subprocess.run to execute various system commands such as uname -a, sudo -l, getcap, and find (for SUID binaries).
      • Intent: The execution is limited to gathering system state information necessary for the skill's primary function of privilege escalation auditing.
  • [EXTERNAL_DOWNLOADS]: The skill documentation and metadata reference several external security tools and repositories used as industry standards for auditing.
      • Evidence: SKILL.md and references/api-reference.md suggest the use of linpeas.sh (from carlospolop/PEASS-ng), winPEAS.exe, GTFOBins, and LOLBAS.
      • Context: These references target well-known open-source security projects and are documented as prerequisites for the assessment workflow.
  • [SAFE]: The skill exhibits an indirect prompt injection surface through the ingestion of system configuration data, but lacks automated execution chains that would exploit it.
      • Ingestion points: The check_writable_cron function in scripts/agent.py reads the content of files within /etc/cron.d/ and other cron directories.
      • Boundary markers: No explicit delimiters or boundary markers are used in the data ingestion or report generation process.
      • Capability inventory: The script has the capability to execute shell commands via subprocess.run and write results to the local filesystem.
      • Sanitization: The script uses shlex.split to safely parse commands when shell redirection or piping characters are not detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:58 PM