performing-jwt-none-algorithm-attack

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py script executes network requests and file reads based on user-provided CLI arguments, which is expected for a security research tool.
      • The test command uses the requests library to send HTTP GET requests to a user-defined target URL.
      • The confuse command reads from a local file path provided by the user to facilitate RSA-to-HMAC algorithm confusion tests.
  • [EXTERNAL_DOWNLOADS]: The documentation references the requests library, which is a well-known and trusted third-party Python package. Users are instructed to install it via standard package managers for endpoint testing functionality.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to the ingestion of untrusted data (URLs and tokens). Since the tool is intended for manual security testing, the risk is inherent to its primary purpose.
      • Ingestion points: User-supplied target_url and token parameters in the scripts/agent.py script.
      • Boundary markers: Absent; the tool processes input strings directly as provided by the user.
      • Capability inventory: Includes network access via requests.get and file system reads via open().read().
      • Sanitization: None; input is used verbatim for testing purposes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 10:50 PM