exploiting-template-injection-vulnerabilities

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION · COMMAND_EXECUTION · DATA_EXFILTRATION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill facilitates remote code execution by providing specific payloads for template engines like Jinja2 (using os.popen), Twig, and Freemarker. The included agent.py script automates the testing of these payloads against a target URL.
  • [COMMAND_EXECUTION]: Instructions and automated scripts execute system commands such as id and whoami to confirm vulnerability exploitation and determine user privileges on the target system.
  • [DATA_EXFILTRATION]: Provides specific methods to extract sensitive server information, including reading /etc/passwd and accessing application configuration variables like Flask's SECRET_KEY.
  • [EXTERNAL_DOWNLOADS]: Recommends the use of external exploitation frameworks, instructing users to clone tplmap from GitHub and install sstimap via the Python package manager. Additionally, the provided script disables SSL verification during network requests.
  • [PROMPT_INJECTION]: The assessment logic is vulnerable to indirect prompt injection.
    1. Ingestion points: scripts/agent.py ingests the full body of HTTP responses from the target server.
    2. Boundary markers: No boundary markers are provided to distinguish between expected output and potentially malicious server content.
    3. Capability inventory: The agent has the capability to execute system commands and read sensitive files via automated template injection.
    4. Sanitization: The script does not sanitize server responses before searching for confirmation patterns.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 09:38 PM