exploiting-broken-function-level-authorization

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network requests using the requests library to user-defined API endpoints. While intended for security testing, this involves the transmission of authentication tokens and interaction with external services, which could be leveraged for data exposure if used maliciously.
  • [COMMAND_EXECUTION]: The scripts/agent.py script and SKILL.md code blocks implement network-based capabilities to interact with arbitrary URLs provided by the user. Although these are not direct shell commands, they provide the agent with the functional capacity to perform external network operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external API responses.
      • Ingestion points: Data enters the agent context through requests response objects (e.g., resp.json()) in SKILL.md and scripts/agent.py.
      • Boundary markers: There are no explicit delimiters or instructions to the agent to ignore potentially malicious content embedded within the API responses.
      • Capability inventory: The skill possesses the capability to perform network operations (requests) and display processed data to the user.
      • Sanitization: The skill parses JSON data but lacks sanitization or validation of the content before it is used in logic or displayed, allowing malicious instructions in an API response to potentially influence the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 09:39 PM