The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The script scripts/agent.py contains hardcoded default credentials. \n
Evidence: Default parameters username='admin' and password='admin' are defined in the connect_gvm function and the argparse CLI configuration.\n- [PROMPT_INJECTION]: The skill processes untrusted scan data, creating a surface for indirect prompt injection. \n
Ingestion points: The skill ingests external scan results via the parse_report_xml and analyze_offline_report functions in scripts/agent.py. \n
Boundary markers: No delimiters or specific instructions are provided to the agent to treat scan data as untrusted content. \n
Capability inventory: The skill has the capability to initiate network connections using the python-gvm library and write report files to the local filesystem. \n
Sanitization: There is no evidence of sanitization or validation of the ingested vulnerability data before it is processed or summarized. \n- [EXTERNAL_DOWNLOADS]: The skill utilizes the python-gvm library, which is an external dependency from a well-known source.

implementing-vulnerability-management-with-greenbone