skills/mukul975/anthropic-cybersecurity-skills/exploiting-race-condition-vulnerabilities/Gen Agent Trust Hub
exploiting-race-condition-vulnerabilities
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The `scripts/agent.py` script initiates network connections to user-specified URLs to test for race conditions. It disables SSL certificate validation by setting `verify=False` in its HTTP requests, which creates a potential for data exposure through man-in-the-middle attacks.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface as it ingests and displays content from remote web servers.
  * Ingestion points: The `analyze_results` and `test_race_condition` functions in `scripts/agent.py` process HTTP response codes and body content from external targets.
  * Boundary markers: There are no explicit delimiters or instructions to treat the ingested server content as untrusted.
  * Capability inventory: The skill has the capability to perform state-changing network operations (POST, PUT) using the `requests` library.
  * Sanitization: The script performs basic truncation of response data to 200 characters but lacks robust validation of the incoming content.
Audit Metadata