The Agent Skills Directory

[COMMAND_EXECUTION]: The SKILL.md file contains numerous shell command examples for performing security testing and WAF evasion using tools like curl, wafw00f, and sqlmap.
[DATA_EXFILTRATION]: The scripts/agent.py script performs outbound network requests to a user-defined target URL using the requests library. These requests are used to transmit various exploit payloads for XSS, SQL injection, and path traversal to external systems.
[PROMPT_INJECTION]: Indirect prompt injection attack surface identified in the automated testing script.
Ingestion points: target_url parameter and environment variables in scripts/agent.py.
Boundary markers: Absent; the script does not differentiate between the target application's responses and instructions.
Capability inventory: Full HTTP request capabilities (GET, POST, PUT, etc.) via the requests library.
Sanitization: None; the target URL and injected payloads are processed without validation.

performing-web-application-firewall-bypass