Cross-Site Scripting and HTML Injection Testing

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides functional payloads designed to capture and exfiltrate sensitive user information to external, attacker-controlled domains.
      • Evidence: Includes specific code for stealing 'document.cookie', implementing keyloggers, and exfiltrating session data via 'fetch()' or image redirects to domains like 'attacker.com'.
  • [COMMAND_EXECUTION]: Provides instructions and payloads for executing arbitrary JavaScript within a target web application's DOM and techniques for bypassing security filters.
      • Evidence: Lists dangerous sinks such as 'eval()', 'setTimeout()', and 'innerHTML', and demonstrates how to use Base64 encoding and HTML entities to bypass security filters.
  • [EXTERNAL_DOWNLOADS]: Mentions and encourages the use of external delivery methods and remote domains for hosting malicious content and collecting stolen data.
      • Evidence: Instructions include using phishing emails, URL shorteners, and external attacker domains for payload delivery and data capture infrastructure.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes untrusted content from target web applications without established security boundaries.
      • Ingestion points: The workflow processes data from target URLs and user input fields specified in SKILL.md.
      • Boundary markers: No delimiters or specific warnings are provided to separate external application data from the agent's internal logic.
      • Capability inventory: The skill provides technical knowledge for browser-based code execution and cross-origin network exfiltration.
      • Sanitization: No sanitization or validation procedures for handling external web content are mentioned.
  • [NO_CODE]: The skill consists solely of markdown instructions and does not include any executable script files (.sh, .py, .js) within the package.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 01:15 AM