The Agent Skills Directory

[COMMAND_EXECUTION]: The automation scripts scripts/agent.py and scripts/process.py utilize subprocess.run to execute local security tools including nmap, netexec, and bloodhound-python. These calls are implemented using argument lists, which mitigate risks of shell injection.
[EXTERNAL_DOWNLOADS]: The skill's documentation and reference files (references/api-reference.md) specify the use of established Python libraries such as ldap3, impacket, and python-nmap for network and directory interactions.
[CREDENTIALS_UNSAFE]: The penetration testing automation is designed to process Active Directory credentials provided as command-line arguments to authenticate against internal services. The documentation appropriately uses placeholders like Password123 and AdminPass123.
[DATA_EXFILTRATION]: While the skill performs extensive network enumeration and extracts Active Directory object information, the data is stored in local result files for reporting. No unauthorized network transmissions to external domains were identified.
[PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection by processing external data.
Ingestion points: Network discovery results from nmap files and LDAP search responses processed in scripts/agent.py and scripts/process.py.
Boundary markers: Not explicitly implemented in the reporting or console output logic.
Capability inventory: The skill possesses file-write capabilities for reporting and subprocess execution capabilities for launching network tools.
Sanitization: No sanitization or filtering of external tool output is performed before it is incorporated into reports or displayed to the user.

conducting-internal-network-penetration-test