performing-web-application-penetration-test

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected. The skill's primary function involves fetching and processing untrusted data from external web applications, which can be used to inject instructions into the agent's context.
    1. Ingestion points: The script scripts/agent.py fetches HTML content, HTTP headers, and cookies from user-specified target URLs.
    2. Boundary markers: No clear delimiters or warnings are used to separate fetched web data from the agent's instructions.
    3. Capability inventory: The agent has the capability to execute shell commands via subprocess.run and perform arbitrary network requests.
    4. Sanitization: No sanitization or filtering of external web content is performed before the data is processed or displayed.
  • [COMMAND_EXECUTION]: The script scripts/agent.py invokes the ffuf command-line utility using subprocess.run. The target URL and wordlist path are passed as arguments to this process.
  • [DATA_EXFILTRATION]: The skill performs network requests to arbitrary, non-whitelisted domains provided as the target URL for penetration testing. This allows the agent to communicate with any external server during the assessment.
  • [SAFE]: The Python script explicitly disables SSL certificate verification by setting verify=False in all requests calls. While common in testing environments, it exposes the tool to potential interception.
  • [SAFE]: The script uses a fixed temporary file path /tmp/ffuf_output.json for storing results, which is a weak practice that can lead to file collisions in shared environments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 01:02 PM