deserialization-methodology
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides multiple templates and instructions for the agent to generate Python scripts locally (e.g., gen_pkl.py, pickle_exploit.py) and execute them to construct malicious payloads or interact with target systems.
- [DATA_EXFILTRATION]: The methodology explicitly includes payloads and strategies for exfiltrating sensitive information from target systems to external, attacker-controlled servers (e.g., using curl to send Base64-encoded flags).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by requiring the agent to ingest and analyze untrusted data from external sources (target web applications) while having access to powerful execution tools.
  - Ingestion points: SKILL.md identifies Cookies, POST bodies, Hidden fields, and API parameters as data sources.
  - Boundary markers: Absent; there are no instructions for the agent to use delimiters or to ignore instructions within the processed data.
  - Capability inventory: The skill references tools such as http_request, create_script, and shell_execute in its evaluation criteria.
  - Sanitization: Absent; the skill does not provide methods for validating or escaping content retrieved from target systems.
Audit Metadata