The Agent Skills Directory

[COMMAND_EXECUTION]: The workflow and automation script include tests for Remote Code Execution (RCE) via techniques like PHP log poisoning and the use of the 'expect://' wrapper protocol.- [DATA_EXFILTRATION]: The skill includes instructions and automated patterns to access highly sensitive server-side files, including '/etc/shadow', configuration files containing secrets ('.env'), and SSH private keys.- [EXTERNAL_DOWNLOADS]: The documentation recommends the installation and use of external security tools and wordlists, such as 'dotdotpwn', 'ffuf', and 'SecLists'.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing arbitrary target URLs (scripts/agent.py) without sanitization or boundary markers, which could lead to unintended agent actions if the target data is malicious.

performing-directory-traversal-testing