performing-threat-emulation-with-atomic-red-team

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py executes shell commands defined in external YAML files using subprocess.run with shell=True. This occurs in the execute_atomic_manual and run_cleanup functions.
  • [REMOTE_CODE_EXECUTION]: The skill's primary workflow involves downloading (cloning) the atomic-red-team repository and then executing the attack simulation scripts contained within. This constitutes the execution of code from an external source.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection if an attacker influences the content of the YAML files being processed, as the agent will execute the commands defined in those files.
  • Ingestion points: scripts/agent.py loads YAML definitions from a user-specified or default directory (./atomic-red-team/atomics).
  • Boundary markers: No boundary markers are present to distinguish between benign data and instructions within the YAML files.
  • Capability inventory: The skill has full capability to execute arbitrary shell commands via subprocess.run and perform filesystem operations.
  • Sanitization: The script uses shlex.quote to sanitize individual input arguments before they are interpolated into the command string, providing partial protection against argument injection but not against malicious base commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 01:01 PM