scanning-infrastructure-with-nessus

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The documentation in SKILL.md contains hardcoded credentials within a curl example ("password":"password"). Providing static credentials in configuration examples, even as placeholders, increases the risk of them being deployed in production environments verbatim.
  • [COMMAND_EXECUTION]: SKILL.md provides instructions to execute sudo systemctl for managing system services. While functional for the intended use case, it requires the agent to operate with elevated privileges.
  • [DATA_EXFILTRATION]: Both scripts/agent.py and scripts/process.py perform network operations to the Nessus REST API. These scripts include logic to explicitly disable SSL/TLS certificate verification (verify=False and SKIP_TLS_VERIFY=true), exposing authentication tokens and sensitive scan data to potential man-in-the-middle (MITM) attacks.
  • [PROMPT_INJECTION]: The skill processes untrusted external data during scan result parsing.
      • Ingestion points: scripts/process.py parses .nessus XML files, and scripts/agent.py processes JSON responses from the Nessus API.
      • Boundary markers: No boundary markers or instructions to ignore embedded commands were found in the reporting logic.
      • Capability inventory: The skill can perform network requests and write to the local filesystem (nessus_report.json, HTML reports).
      • Sanitization: While defusedxml is used to prevent XML entity attacks, there is no sanitization of the content extracted from scan results (e.g., service banners or plugin output) before it is interpolated into reports. This creates a surface for indirect prompt injection if an attacker can manipulate the output of a scanned service.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 9, 2026, 06:48 PM