The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides numerous templates for executing shell commands and system interactions designed for CTF challenges. References like references/bashjails.md include payloads for interacting with internal services (e.g., cat < /dev/tcp/127.0.0.1/PORT), and references/linux-privesc.md details methods for exploiting sudo wildcards.\n- [REMOTE_CODE_EXECUTION]: Detailed instructions for achieving code execution in restricted environments are included. references/pyjails.md demonstrates Python jail escapes via MRO traversal and decorator-based bypasses, while references/games-and-vms-3.md covers marshal code injection techniques.\n- [DATA_EXFILTRATION]: The skill documents techniques for exfiltrating data as part of 'flag' recovery in competitions. references/dns.md explains DNS tunneling and exfiltration via subdomains or TXT records, and references/linux-privesc.md demonstrates credential extraction from service backups.\n- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection because it instructs the agent to process untrusted data from external CTF challenges while possessing significant execution capabilities. The risk is inherent to the security-centric nature of the skill and lacks explicit sanitization or boundary markers between the agent and the challenge data.

ctf-misc