pentest-validation
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes external, untrusted data to perform security validation.
  * Ingestion points: Untrusted content is ingested from the source_repo (code) and target_url (HTTP responses) specified in the configuration in SKILL.md.
  * Boundary markers: The skill implements an 'Authorization Gate' and 'No Exploit, No Report' filters to verify targets, as well as production URL blocking patterns.
  * Capability inventory: The orchestration involves agents like qe-pentest-validator performing network operations and generating executable proof-of-concept commands (e.g., curl for SQLi and SSRF validation), as detailed in the 'Validation Pipelines' section.
  * Sanitization: No specific sanitization or escaping of ingested data is documented before it is processed by the LLM-based agents.
- [CREDENTIALS_UNSAFE]: The evals/pentest-validation.yaml file contains hardcoded dummy credentials (e.g., sk-1234567890abcdef) within test fixtures used to evaluate the skill's ability to detect vulnerabilities.
- [COMMAND_EXECUTION]: The skill's primary function is to generate and validate exploits, which involves creating executable proof-of-concept commands such as curl requests as described in the orchestration patterns and evaluation tests.
- [DATA_EXFILTRATION]: The skill's SSRF and IDOR pipelines involve making network requests to extract sensitive information (e.g., cloud metadata or cross-user data) to prove vulnerability existence.
Audit Metadata