skills/wgpsec/aboutsecurity/ctf-pwn/Gen Agent Trust Hub

ctf-pwn

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill discusses methods for accessing sensitive files (e.g., /etc/passwd, /flag) and leaking memory addresses (canaries, libc base, stack pointers). These instructions are provided specifically for solving CTF challenges and analyzing target binaries, rather than exfiltrating data from the user's host environment.
  • [COMMAND_EXECUTION]: Multiple files contain examples of shell commands and exploit scripts used to interact with target systems. For instance, references/kernel.md provides steps to overwrite modprobe_path using a shell script. These commands are intended to be executed within the context of a challenge (e.g., via a remote shell or in a local VM/container) and are characteristic of the skill's primary function.
  • [INDIRECT_PROMPT_INJECTION]: The skill involves the agent ingesting and processing untrusted data, such as output from remote servers (NC ports), user-provided ELF/PE binaries, and file formats like PCAP. This represents an attack surface where a malicious challenge could potentially attempt to influence the agent's behavior through crafted output or metadata. Developers should ensure the agent employs strict sanitization when processing external data.
  • [DYNAMIC_EXECUTION]: The skill provides numerous examples and instructions for generating dynamic executable content, including assembly shellcode, ROP chains, and malicious file payloads (e.g., JIT exploits, PCAP overflows). This is the core requirement for binary exploitation and is handled as expected for a Pwn-focused skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 07:57 AM