The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of high-privilege commands using sudo for tasks such as starting services (sudo systemctl start nessusd), wireless interface manipulation (sudo airmon-ng start wlan0), and system auditing (sudo lynis audit system). While these are standard operations for the security tools described, they represent a significant attack surface if the agent is directed to use them maliciously.
[EXTERNAL_DOWNLOADS]: The skill instructions include installing multiple third-party packages without version pinning (pip install prowler, pip install scoutsuite, sudo apt install openvas). Additionally, the install_command in the metadata fetches the skill's instruction file from a GitHub repository belonging to an untrusted user (majiayu000).
[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8). It is designed to ingest and process data from external, untrusted sources—such as network service banners via nmap, web application content via burp and zap, and wireless frame data via kismet. The skill lacks explicit boundary markers or instructions to sanitize or ignore malicious payloads embedded within this external data.
Ingestion points: Network scan results (nmap), web crawl data (Burp Suite, OWASP ZAP), and vulnerability reports (Nessus, OpenVAS) described in SKILL.md.
Boundary markers: No delimiters or warnings to ignore instructions within processed data are present in the core workflow.
Capability inventory: The skill utilizes numerous powerful CLI tools (msfconsole, nmap, masscan, zap-cli, nessuscli) with the capability to perform network operations, file removal (clamscan --remove), and system modifications.
Sanitization: No sanitization or validation of the input data from external scans is described.

Security Scanning Tools