skills/mukul975/anthropic-cybersecurity-skills/exploiting-prototype-pollution-in-javascript/Gen Agent Trust Hub
exploiting-prototype-pollution-in-javascript
Warn
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides functional payloads to achieve Remote Code Execution (RCE) by targeting template engines (EJS, Pug, Handlebars) and Node.js internal modules like `child_process`.
- [DATA_EXFILTRATION]: The `scripts/agent.py` tool performs active network requests (GET and POST) to user-supplied URLs. This capability allows the agent to interact with external systems and could be used to probe internal infrastructure or exfiltrate data if used maliciously.
- [COMMAND_EXECUTION]: The documentation includes specific shell commands (curl) and Node.js code snippets designed to manipulate server-side environments and bypass authentication or authorization checks.
Audit Metadata