The Agent Skills Directory

[DATA_EXFILTRATION]: The skill is configured to probe sensitive internal endpoints including cloud metadata services (AWS, GCP, Azure at 169.254.169.254) and local system files using the file:// protocol. While this is the intended functionality for identifying SSRF flaws, it involves attempting to access highly sensitive infrastructure credentials and configuration data.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'requests' Python package to facilitate network communications.
[COMMAND_EXECUTION]: The script 'scripts/agent.py' performs network probing and writes vulnerability findings to a local JSON file based on user-provided target parameters.
[SAFE]: The skill's operations are transparent and consistent with its stated purpose as a security testing utility. It does not exhibit signs of obfuscation, hidden malicious logic, or unauthorized data transmission to third-party servers. It contains an indirect prompt injection surface as it processes untrusted data from remote server responses (Ingestion points: scripts/agent.py via requests.get; Boundary markers: None; Capability inventory: Network requests and local file writes; Sanitization: None).

performing-ssrf-vulnerability-exploitation