skills/ljagiello/ctf-skills/ctf-web/Gen Agent Trust Hub

ctf-web

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE

Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous terminal one-liners for standard security tools such as sqlmap, ffuf, and hashcat. It also includes reference material for command injection payloads (e.g., ; id, $(id)) and methods to bypass command blocklists in shell environments.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes WebFetch and WebSearch to retrieve content from external CTF targets. These serve as ingestion points for untrusted data. The skill lacks explicit boundary markers or instructions to disregard embedded commands in fetched content. Given its capability inventory, including Bash execution and file manipulation (Write, Edit), this creates a surface for indirect prompt injection if the agent attempts to follow instructions found on a target website. No specific sanitization of retrieved content is documented.
  • [REMOTE_CODE_EXECUTION]: Multiple files contain exploit scripts and payloads for achieving RCE, including server-side template injection (SSTI) for Jinja2, Go, and EJS, as well as Node.js VM sandbox escapes and exploitation of vulnerabilities like CVE-2021-22204.
  • [PROMPT_INJECTION]: The skill includes a dedicated section on LLM jailbreaking techniques, providing prompt patterns designed to override system instructions or bypass safety filters (e.g., 'System Override', 'Ignore previous instructions') for use against target AI systems.
  • [DATA_EXFILTRATION]: Techniques for exfiltrating data from target environments are detailed, including XSS-based cookie theft, DNS exfiltration, and the use of external webhooks for out-of-band data collection.
  • [CREDENTIALS_UNSAFE]: The skill describes methods for compromising credentials, such as brute-forcing JWT secrets using flask-unsign and hashcat, as well as inferring sensitive identifiers from public profile data.
Audit Metadata

Risk Level: SAFE

Analyzed: Mar 12, 2026, 06:48 PM