performing-csrf-attack-simulation

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides curl commands and a Python script (scripts/agent.py) that make HTTP requests to analyze target applications. These are intended for security research and vulnerability discovery.
  • [EXTERNAL_DOWNLOADS]: The documentation references well-known security tools and libraries such as Burp Suite, xsrfprobe, requests, beautifulsoup4, and selenium. These are standard tools within the cybersecurity domain and are used for legitimate testing purposes.
  • [DATA_EXFILTRATION]: The scripts/agent.py script uses the requests library to interact with target URLs. This behavior is used for vulnerability scanning and does not involve unauthorized access to sensitive local files or the exfiltration of user credentials.
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection in scripts/agent.py, where it parses HTML content from external target websites to extract forms and tokens.
      • Ingestion points: HTML response text from user-provided URLs is processed in scripts/agent.py.
      • Boundary markers: The script does not utilize explicit boundary markers or instructions to ignore embedded directives in the parsed HTML content.
      • Capability inventory: The script can perform network requests and write a local file (csrf_poc.html).
      • Sanitization: The script uses regular expressions to extract data from target pages and interpolates it into generated reports and HTML files without additional sanitization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 12:39 AM