The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on shell-based interactions using common tools like curl, base64, and flask-unsign to retrieve and manipulate web application cookies.
[PROMPT_INJECTION]: The methodology contains an indirect prompt injection surface by recommending that retrieved cookie strings from external sources be directly interpolated into shell command templates (e.g., during base64 decoding or flask-unsign brute-forcing) without any validation or escaping. Ingestion points: External cookie values from target web servers. Boundary markers: No markers or explicit warnings to isolate untrusted data are provided. Capability inventory: Execution of system commands and potential file system access via tools like flask-unsign. Sanitization: The skill lacks any instructions for sanitizing or escaping the retrieved cookie values before processing them in a shell environment.

cookie-analysis