exploiting-nosql-injection-vulnerabilities

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of legitimate security tools including NoSQLMap and nosqli from community repositories and registries for vulnerability testing purposes.
  • [COMMAND_EXECUTION]: The instructions and scripts involve executing standard tools such as curl, git, and pip, alongside custom Python scripts (agent.py, process.py) designed to interact with target API endpoints.
  • [DATA_EXFILTRATION]: Provides methodologies for testing data extraction capabilities from target NoSQL databases using blind regex injection and operator manipulation as part of security assessments.
  • [PROMPT_INJECTION]: Contains a surface for indirect prompt injection as the included scripts ingest and process HTTP response data from external target URLs.
      • Ingestion points: Network response bodies retrieved via requests.get and requests.post in scripts/agent.py and scripts/process.py.
      • Boundary markers: None implemented for the processing of external response content.
      • Capability inventory: Includes the ability to perform network operations (requests) and file system writes (generating nosql_injection_report.md).
      • Sanitization: The scripts perform basic substring matching and length checks on responses but do not implement formal sanitization of the untrusted content before it is processed or reported.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 12:00 AM