The Agent Skills Directory

[SAFE]: The skill performs legitimate security analysis by checking for 'X-Frame-Options' and 'Content-Security-Policy' headers to verify anti-framing protections.
[SAFE]: All external links and resources provided in the documentation and references point to well-known and reputable security industry sites including OWASP, PortSwigger, and MDN.
[PROMPT_INJECTION]: The script agent.py demonstrates a potential injection surface where the target_url input is interpolated into an HTML template for PoC generation without sanitization. Ingestion point: target_url command-line argument in agent.py. Boundary markers: Absent. Capability inventory: Performs network requests and writes to a local HTML file. Sanitization: None. This surface is characteristic of a local security utility and does not indicate malicious behavior.

performing-clickjacking-attack-test