performing-web-application-penetration-test

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The run_directory_bruteforce function in scripts/agent.py uses subprocess.run to execute the external command-line tool ffuf. This is used to perform directory discovery on target web applications.
  • [EXTERNAL_DOWNLOADS]: The script scripts/agent.py performs multiple outbound HTTP requests to user-provided target URLs to identify server technologies, check security headers, and test for vulnerabilities.
  • [DATA_EXFILTRATION]: All network requests in scripts/agent.py are performed with verify=False, which explicitly disables SSL certificate verification. This practice exposes the connection to potential man-in-the-middle attacks, although it is often used in security testing for self-signed certificates.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. The penetration testing script ingests data from external web servers (such as HTTP response headers and bodies) and reflects them in its final report. A malicious web server could provide crafted content designed to influence the behavior of an AI agent that interprets the report findings.
      • Ingestion points: scripts/agent.py (functions fingerprint_technology, check_security_headers, and test_xss_basic).
      • Boundary markers: None. The script does not use any delimiters or special instructions to mark the untrusted web content in its output.
      • Capability inventory: Subprocess execution via ffuf and arbitrary HTTP request generation.
      • Sanitization: No escaping, filtering, or validation is performed on the data retrieved from external servers before it is printed to the report output.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 09:38 PM