401-403-bypass

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides specific shell commands for the agent to execute, referring to scripts (byp4xx.sh, 403bypasser.py) that are not part of the skill's file set. Evidence found in references/middleware-combo-bypass.md.
  • [EXTERNAL_DOWNLOADS]: The skill promotes the use of third-party scanning tools such as byp4xx and 403bypasser. This creates a dependency on external code that is not verified, authenticated, or pinned to a specific source within the skill.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes data from untrusted external endpoints. An attacker controlling a target server could return malicious instructions designed to exploit the agent's command execution capabilities.
    • Ingestion points: Target URLs and response headers (referenced in SKILL.md and all files in references/).
    • Boundary markers: Absent. No instructions are provided to the agent to distinguish between valid data and potential instructions in server responses.
    • Capability inventory: Shell execution (subprocess) via referenced scripts and potential network operations.
    • Sanitization: Absent. There is no mention of escaping or validating content retrieved from target servers before it enters the agent context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 01:55 PM