The Agent Skills Directory

[NO_CODE]: The skill consists entirely of markdown instructions and does not include any executable scripts, binaries, or configuration files.- [SAFE]: The instructions outline a legitimate security testing methodology for proving or disproving API vulnerability leads. No malicious patterns such as credential theft, environment exfiltration, or obfuscation were detected.- [INDIRECT_PROMPT_INJECTION]: The skill processes potentially untrusted external data (vulnerability findings) and has the implied capability to perform network requests. This creates an attack surface for indirect prompt injection if malicious instructions are embedded in the findings. (Ingestion points: candidate_findings and auth_and_role_context in SKILL.md; Boundary markers: Absent; Capability inventory: Network requests to target_base_url; Sanitization: Absent)

api-exploit-prover