The Agent Skills Directory

[COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using curl, ffuf, and git to interact with target systems and perform security testing.- [COMMAND_EXECUTION]: Contains instructions for running local Python code to test for session-based race conditions on remote targets.- [EXTERNAL_DOWNLOADS]: Fetches a specialized security tool from the Synacktiv GitHub repository to assist in generating exploit payloads.- [PROMPT_INJECTION]: The skill processes untrusted data from remote targets, creating an indirect prompt injection surface. * Ingestion points: The agent reads response data from remote servers via curl and requests across all files. * Boundary markers: No specific delimiters or instructions are used to isolate or ignore embedded commands in target response content. * Capability inventory: The agent is authorized to use curl, ffuf, git, and python3 for execution and network operations. * Sanitization: The methodology does not provide mechanisms to sanitize or validate the content retrieved from remote targets before the agent processes it.

lfi-rfi-methodology