Gen Agent Trust Hub audit: exploiting-http-request-smuggling
Skill path: skills/mukul975/anthropic-cybersecurity-skills/exploiting-http-request-smuggling
Result: Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to download security testing tools from external repositories belonging to BishopFox and defparam.
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to execute downloaded third-party scripts, such as h2csmuggler.py and smuggler.py, for vulnerability detection.
- [COMMAND_EXECUTION]: The workflow involves multiple shell commands using curl, git, and python to perform network reconnaissance and exploit execution.
- [PROMPT_INJECTION]: The agent processes untrusted server data from external network targets, which could contain malicious instructions designed to influence the LLM context.
- Ingestion points: Server response headers and raw socket bytes are read in scripts/agent.py using requests.get and socket.recv.
- Boundary markers: No explicit delimiters or instruction-ignore markers are used in the agent's output to protect the downstream LLM context.
- Capability inventory: The skill possesses capabilities for arbitrary network communication via sockets and requests, and local file system writes.
- Sanitization: Basic decoding with error handling is used, but the content is incorporated into the final report without sanitization for prompt injection patterns.
- [SAFE]: The agent script explicitly disables SSL certificate verification (ssl.CERT_NONE), which is a common requirement for penetration testing tools to handle proxies and self-signed certificates.