performing-subdomain-enumeration-with-subfinder

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install security utilities from reputable sources, specifically ProjectDiscovery's official GitHub repository and the OWASP organization.
  • [COMMAND_EXECUTION]: The Python scripts scripts/agent.py and scripts/process.py facilitate the automation of security tools using the subprocess module. The implementation uses list-based arguments, which is a secure pattern that prevents command injection by ensuring inputs are not interpreted by a shell.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted reconnaissance data from the internet.
      • Ingestion points: The scripts ingest hostnames, HTTP titles, and CNAME records discovered via subfinder, httpx, and dnsx (referenced in scripts/agent.py and scripts/process.py).
      • Boundary markers: The generated reports do not utilize delimiters or specific instructions to isolate or ignore potentially malicious content embedded in the discovered network data.
      • Capability inventory: The skill possesses the ability to execute CLI tools via subprocesses and perform filesystem write operations to save findings.
      • Sanitization: There is no evidence of string validation or sanitization for the data retrieved from external targets before it is included in the final Markdown and JSON reports.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 01:00 PM