building-red-team-c2-infrastructure-with-havoc

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM

Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains setup instructions that require the user to run commands with administrative privileges (sudo apt install) to install build dependencies.
  • [CREDENTIALS_UNSAFE]: Hardcoded example passwords and credentials are present in the configuration snippets in SKILL.md (Step 2) and the assets/template.md file.
  • [EXTERNAL_DOWNLOADS]: The skill downloads external source code and language dependencies from GitHub (HavocFramework/Havoc) and the Go package registry as part of the build process.
  • [EXTERNAL_DOWNLOADS]: The Python scripts scripts/agent.py and scripts/process.py disable TLS certificate and hostname verification (verify=False and CERT_NONE), which could allow man-in-the-middle attacks against the connection to the teamserver during infrastructure monitoring and management.
  • [PROMPT_INJECTION]: The scripts/agent.py script processes data from a remote teamserver API, creating a surface for indirect prompt injection attacks if the API source is compromised.
      ◦ Ingestion points: Data is fetched from the teamserver's /api/listeners, /api/agents, and /api/payloads/generate endpoints in scripts/agent.py.
      ◦ Boundary markers: No delimiters or safety instructions are used when processing or reporting the external data.
      ◦ Capability inventory: The script performs network requests and writes JSON reports to the local filesystem using data derived from the API.
      ◦ Sanitization: No validation or escaping is performed on the data retrieved from the remote API before processing.
  • [PROMPT_INJECTION]: There is a metadata discrepancy between the author specified in SKILL.md ("mahipal") and the copyright holder listed in the LICENSE file ("mukul975"), which may be misleading regarding the skill's origin.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 16, 2026, 07:59 AM