supply-chain-audit

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill contains multiple instructions and payloads for sending sensitive local data to an external server. Examples include using curl to POST the contents of flag files and environment variables to attacker.com, as well as using nslookup for DNS-based exfiltration.
  • [COMMAND_EXECUTION]: The methodology relies on executing numerous third-party security tools and shell commands, including katana, nuclei, subfinder, httpx, and docker, to perform reconnaissance and exploit discovered weaknesses.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it instructs the agent to ingest and act upon data from untrusted project files.
      - Ingestion points: package.json, pom.xml, requirements.txt, and CI/CD build logs.
      - Boundary markers: No delimiters or protective instructions are used when reading these files.
      - Capability inventory: The skill has extensive access to shell commands, network operations, and package management tools.
      - Sanitization: There is no evidence of input validation or sanitization before the agent processes external data.
  • [REMOTE_CODE_EXECUTION]: The skill details how to achieve code execution on target systems by creating malicious packages that utilize install hooks (e.g., preinstall in npm or setup.py in Python) to execute arbitrary shell commands during the installation process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 10:08 AM