conducting-external-reconnaissance-with-osint

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill connects to multiple external services to collect reconnaissance data, including crt.sh for certificate logs, Shodan for host discovery, and Have I Been Pwned for breach information.
  • [DATA_EXFILTRATION]: In the scripts/agent.py file, the check_web_technologies function performs HTTP requests to target domains with SSL/TLS certificate verification disabled (verify=False), which exposes the communication to potential interception and man-in-the-middle attacks.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from external sources and target infrastructure.
      • Ingestion points: Service metadata from Shodan, code snippets from GitHub, and HTTP headers retrieved from target servers.
      • Boundary markers: No delimiters or protective instructions are present in the processing logic.
      • Capability inventory: The skill can perform network requests and write JSON files to the local file system.
      • Sanitization: There is no validation or sanitization of the data retrieved from external APIs before it is incorporated into reports.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:40 AM