jshook-reverse

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses new Function() to execute or parse snippets of JavaScript code collected from external websites. Specifically, PackerDeobfuscator.ts and JSVMPDeobfuscator.ts use this method to decode Packer, AAEncode, JSFuck, and JJEncode patterns. If a target website provides a malicious payload that escapes the intended deobfuscation logic, it could execute arbitrary code on the user's host Node.js process.
  • [COMMAND_EXECUTION]: The skill provides the page eval and debug-eval commands, which allow the AI agent to execute arbitrary JavaScript within the browser context using Puppeteer's page.evaluate and the Chrome DevTools Protocol's Runtime.evaluate. While intended for debugging, this is a powerful capability that can be misused if the agent is compromised via prompt injection.
  • [EXTERNAL_DOWNLOADS]: The CodeCollector.ts module fetches JavaScript files from any user-provided URL. These files are then processed and sent to external LLM providers (OpenAI or Anthropic) for analysis. This creates a bridge between untrusted external content and the agent's reasoning process.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It ingests code from untrusted external URLs and passes it to LLMs for summarization and analysis without robust sanitization.
      • Ingestion points: CodeCollector.ts fetches scripts and inline code from the URL provided in the collect command.
      • Boundary markers: AISummarizer.ts and LLMService.ts wrap the collected code in markdown triple-backticks (e.g., ```javascript), which provides a weak boundary that can be bypassed by malicious comments or strings in the analyzed code.
      • Capability inventory: The skill possesses dangerous capabilities including PageController.ts (navigation, clicking, typing), DebuggerManager.ts (code evaluation), and HookManager.ts (script injection).
      • Sanitization: No sanitization or filtering of the collected code is performed before it is interpolated into the prompts for the LLM.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 20, 2026, 03:30 AM