pentest-commands

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The allowed-tools frontmatter grants the agent the ability to execute powerful offensive tools (nmap, nikto, sqlmap, hydra, john, msfconsole, aircrack-ng, tshark) with any flags. The use of Bash(tool:*) wildcards provides no boundary on parameters, enabling unrestricted command construction.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill explicitly enables tools and provides commands for gaining shell access on remote systems, such as sqlmap --os-shell and Metasploit exploits (e.g., EternalBlue). This provides the agent with the capability to execute code on targets, which could be misused to attack internal infrastructure.
  • [DATA_EXFILTRATION] (MEDIUM): The skill includes instructions and tool access for data harvesting, such as sqlmap --dump for database extraction and tshark for packet capture. While focused on targets, this capability can be used to exfiltrate sensitive data from any reachable system.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes untrusted external data (target URLs, IPs, and web content) and possesses high-privilege execution capabilities. A malicious web target could contain embedded instructions that trick the agent into performing unintended offensive actions using the provided tools. There are no boundary markers or sanitization logic defined.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:50 PM