pentest

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a wrapper script (ht_run.py) to execute a broad range of penetration testing tools. It explicitly allows the agent to run arbitrary shell commands using the --command argument and supports executing commands with elevated privileges via sudo -n or Docker's --privileged mode to enable raw socket access and network scanning.
  • [EXTERNAL_DOWNLOADS]: To provide its functionality, the skill is configured to pull numerous third-party Docker images from public registries (e.g., instrumentisto/nmap, projectdiscovery/nuclei, caffix/amass). Additionally, it includes a mechanism to run installation commands for tools not already present in the environment by fetching instructions from an external index.
  • [PROMPT_INJECTION]: The skill has a significant indirect prompt injection surface as it is designed to ingest and process data from external targets (e.g., web pages, network responses) and feed that data into subsequent command-line operations.
      • Ingestion points: Data from external targets is ingested via tools like nuclei, httpx, and ffuf and stored in local files (e.g., subs.txt, live.txt) for further processing.
      • Boundary markers: The instructions do not specify any delimiters or safety warnings to prevent the agent from being influenced by malicious instructions embedded in the scan results.
      • Capability inventory: The skill possesses extensive system capabilities via ht_run.py, including full network access, filesystem writes, and arbitrary command execution.
      • Sanitization: There is no evidence of output validation or sanitization before external data is used to construct or drive subsequent agent actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 09:50 PM