performing-external-network-penetration-test

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The automation scripts scripts/agent.py and scripts/process.py execute external command-line tools such as nmap, subfinder, and nuclei using the subprocess module. The execution is handled through argument lists to avoid shell injection, which is appropriate and necessary for the skill's intended purpose of network security assessment.
  • [EXTERNAL_DOWNLOADS]: The skill references the retrieval of certificate transparency logs from crt.sh. This is a well-known and reputable service for domain reconnaissance, and its use is documented as a standard step in the penetration testing workflow.
  • [SAFE]: The skill contains a vulnerability surface for indirect prompt injection by processing external tool outputs to guide automation.
  • Ingestion points: scripts/process.py reads and processes the output of the subfinder tool from subdomains_subfinder.txt.
  • Capability inventory: The skill has the capability to perform network scanning and execute shell commands via subprocess.run based on the targets identified.
  • Boundary markers: There are no explicit delimiters or boundary markers used to isolate data retrieved from external tools from the internal control logic.
  • Sanitization: No sanitization or validation is applied to the subdomain strings or tool outputs before they are used to populate subsequent command arguments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 09:41 AM