The Agent Skills Directory

REMOTE_CODE_EXECUTION (HIGH): The 'UpdateTools.md' workflow executes pdtm -update-all, a command that downloads and installs binary tools from the ProjectDiscovery ecosystem. Since this source is not within the pre-defined trusted organizations, this represents a significant risk of installing and executing unverified remote code on the host system.
COMMAND_EXECUTION (MEDIUM): Tools such as PortScan.ts and SubdomainEnum.ts wrap external binaries (naabu, subfinder, dnsx) and execute them via Bun.spawn or shell templates. While Bun provides protection against basic shell injection, the execution of complex security tools using user-supplied targets maintains a large attack surface.
EXTERNAL_DOWNLOADS (MEDIUM): The skill performs automated fetches from external sources, including crt.sh and bug bounty registries on GitHub. These downloads occur without integrity checks and are processed into the agent's memory.
PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection.
Ingestion points: External data is ingested from the crt.sh API, ipinfo.io API, and outputs from reconnaissance tools processing public DNS and WHOIS records.
Boundary markers: Absent; external untrusted content is mixed with system instructions without clear delimitation.
Capability inventory: The skill possesses network fetching, subprocess execution (Bun.spawn), and local file writing capabilities.
Sanitization: No validation or escaping is applied to the data retrieved from external APIs before it is incorporated into reporting or further processing.
DATA_EXFILTRATION (LOW): The skill requires environment variables for sensitive API keys (IPINFO_API_KEY, PDCP_API_KEY). While handled through standard environment practices, the combination of secret access with broad network capabilities and tool execution creates a risk vector for potential exposure.

Recon