skills/jeremylongshore/claude-code-plugins-plus-skills/performing-security-testing/Gen Agent Trust Hub
performing-security-testing
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script assets/nmap_scan_template.sh is vulnerable to arbitrary command injection. The script constructs an Nmap command by concatenating several input variables (such as target and ports) and executes the resulting string using the eval command. Because the inputs are not sanitized, an attacker or a malicious target could inject shell metacharacters (e.g., ;, &, |) to execute unauthorized commands on the host system.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) due to its interaction with untrusted external targets.
- Ingestion points: The skill reads and analyzes application structures, endpoints, and scan results from user-provided target URLs (defined in SKILL.md and processed by report_parser.py).
- Boundary markers: Absent; there are no specific delimiters or instructions for the agent to disregard instructions potentially embedded within the target's metadata or response bodies.
- Capability inventory: The skill is granted extensive capabilities, including arbitrary shell execution via the Bash(test:security-*) tool and the ability to write reports to the local filesystem.
- Sanitization: There is no evidence of input validation or content filtering for data retrieved from target systems before it is parsed or displayed.
Audit Metadata