dynamic-application-security-testing

Fail

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's examples (e.g., the OWASP ZAP Docker command) explicitly demonstrate passing sensitive credentials like 'testuser' and 'Test@1234' directly in CLI arguments (-config formhandler.fields.field(0).value=testuser). This practice makes credentials visible to any user on the system via process monitoring and saves them in shell history files.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of powerful security tools through shell commands and Docker containers, including docker run for ZAP and the nuclei CLI, allowing for broad interaction with external network environments.
  • [DATA_EXFILTRATION]: The skill is designed to probe external web applications and APIs to identify vulnerabilities, which involves sending attack payloads and potentially capturing sensitive server responses or data in generated reports.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the following surface:
      ◦ Ingestion points: Reads and processes output files such as zap-report.json and nuclei-results.json generated by external tools (SKILL.md).
      ◦ Boundary markers: No explicit delimiters or instructions to ignore embedded malicious content in the scanner outputs are provided.
      ◦ Capability inventory: Capable of executing shell commands (Docker, Nuclei) and writing results to the local filesystem.
      ◦ Sanitization: There is no evidence of sanitization or validation of the scanner output before the agent interprets the findings.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 19, 2026, 08:23 AM