performing-web-cache-deception-attack

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains multiple shell commands utilizing curl to probe web server headers and test for caching behavior discrepancies.
  • [SAFE]: The Python script scripts/agent.py performs network requests using the requests library to analyze how different URL path segments affect caching. These operations are restricted to the user-provided target URL and are consistent with the skill's stated purpose of vulnerability assessment.
  • [SAFE]: The skill includes an Indirect Prompt Injection surface analysis (Category 8):
    • Ingestion points: The scripts/agent.py script ingests HTTP response bodies from external targets in the test_path_confusion method.
    • Boundary markers: No specific delimiters are used to wrap ingested data, as the data is analyzed programmatically rather than being passed back to an LLM prompt.
    • Capability inventory: The script has the capability to make outbound HTTP requests via the requests library.
    • Sanitization: No sanitization is performed on the ingested content, but the impact is limited as the content is only used for string length comparisons and keyword matching.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 01:02 PM