Red Team Tools and Methodology

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill is primarily composed of shell commands designed for offensive security tasks. It provides the agent with broad authority to execute system commands including file system manipulation (mkdir, tee, redirection), network scanning, and interactive tool usage.
  • [REMOTE_CODE_EXECUTION] (HIGH): Step 10 involves the creation of a standalone Bash script (recon.sh) which is then executed. This pattern of dynamic code generation and execution is a high-risk activity that could be leveraged to run arbitrary malicious logic on the host machine.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The workflow relies on a large suite of third-party security tools (e.g., paramspider.py, dalfox, subfinder, nuclei, httpx). Many of these are community-maintained projects, and their installation or execution via this skill introduces supply chain risks.
  • [DATA_EXFILTRATION] (LOW): The skill is designed to send domain and target information to third-party reconnaissance services (Shodan, Censys) and historical data engines (Wayback Machine). While intended for recon, there is a risk that internal network details or API keys could be leaked.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from external targets via tools like httpx, nuclei, and waybackurls. Maliciously crafted responses from a target server (e.g., in HTML headers or body) could potentially influence the agent's behavior.
  • Ingestion points: Tools such as httpx, nuclei, whatweb, and curl fetch content from arbitrary external domains.
  • Boundary markers: None identified; external tool outputs are processed directly by the agent without delimiters.
  • Capability inventory: The skill allows for full subprocess execution, file read/write access, and unrestricted network operations.
  • Sanitization: There is no evidence of sanitization or validation of the data returned from external targets before it is presented to the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 19, 2026, 06:40 PM