pentest-business-logic

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM
Finding categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The generate_polyglot tool defined in references/tools.md enables the creation of files with embedded executable code (e.g., PHP, JSP). This represents a dynamic code generation capability (Category 10) that is high-risk if used outside of controlled testing.
  • [COMMAND_EXECUTION] (MEDIUM): The mitmproxy_intercept tool in references/tools.md accepts a modify_fn as a string, implying dynamic Python execution for traffic modification. This is a high-risk pattern for arbitrary code execution in the agent's environment.
  • [COMMAND_EXECUTION] (MEDIUM): In references/workflows.md, the file_upload_abuse section details path traversal vectors targeting /etc/cron.d/, which is a persistence mechanism and privilege escalation pattern (Category 5/6).
  • [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface (Category 8). Evidence chain:
    1. Ingestion points: recon deliverables and target source code mentioned in SKILL.md.
    2. Boundary markers: none identified to separate target data from agent instructions.
    3. Capability inventory: significant capabilities, including raw HTTP requests (burp_repeater), parallel network tasks (aiohttp_parallel), and browser automation (playwright_workflow).
    4. Sanitization: no sanitization or validation of target-derived data is specified before automated actions are performed.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 18, 2026, 03:02 PM