skills/mukul975/anthropic-cybersecurity-skills/performing-web-application-scanning-with-nikto/Gen Agent Trust Hub
performing-web-application-scanning-with-nikto
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Both scripts/agent.py and scripts/process.py utilize subprocess.run to execute the Nikto CLI. While commands are passed as lists (preventing shell injection), the skill relies on the execution of an external security binary based on user-provided target inputs.
- [COMMAND_EXECUTION]: The scripts/agent.py file uses the standard xml.etree.ElementTree library to parse Nikto XML output. This parser is vulnerable to XML External Entity (XXE) attacks if processing malicious XML content. This is classified as medium severity due to unsafe deserialization of local data generated by the scanner.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection and stored XSS via target data processing.
  - Ingestion points: The parse_xml function in scripts/process.py reads data from XML files containing responses from external web targets scanned by Nikto.
  - Boundary markers: Absent.
  - Capability inventory: The skill can execute shell commands via subprocess and perform local file writes.
  - Sanitization: Absent. The generate_report function in scripts/process.py interpolates raw target-provided data, such as URIs and descriptions, directly into HTML reports using f-strings without any escaping or sanitization. A malicious target could return content that triggers script execution in a user's browser when the report is viewed.
- [SAFE]: The skill references documentation and plugin repositories from official and well-known sources, including GitHub repositories for Nikto and OWASP. These references are documented neutrally as they originate from trusted technology providers.
- [PROMPT_INJECTION]: There is a minor metadata inconsistency where the YAML frontmatter lists 'mahipal' as the author, while the LICENSE file credits 'mukul975'. This appears to be a documentation oversight rather than a deceptive practice.
Audit Metadata