The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The documentation in references/workflows.md includes instructions to download and execute a script from a remote URL directly in the shell using the 'curl | sh' pattern. Executing unverified remote code in this manner is a high-risk security practice that bypasses integrity checks.
[EXTERNAL_DOWNLOADS]: The skill provides commands to fetch external security tools from third-party GitHub repositories (such as peass-ng and mzet-) and includes examples of downloading files from arbitrary attacker-controlled servers.
[COMMAND_EXECUTION]: The scripts/agent.py script executes numerous system commands via subprocess.run to discover SUID binaries, check sudo permissions, and locate world-writable sensitive files like /etc/shadow. This programmatic probing of the host system's security configuration involves executing sensitive system commands.

performing-privilege-escalation-on-linux