performing-web-cache-poisoning-attack

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a legitimate security testing utility focused on identifying web cache poisoning vulnerabilities. All identified functionalities align with the stated purpose of cybersecurity assessment.
  • [COMMAND_EXECUTION]: The documentation provides standard curl commands for manual cache testing, which is appropriate for a penetration testing guide. These commands are for the user to run manually and are not executed automatically by the agent in a hidden manner.
  • [EXTERNAL_DOWNLOADS]: The Python script uses the requests library for HTTP communication. This is a standard, well-known dependency. While the script disables SSL verification (verify=False), this is common in security tools to handle various testing environments and does not constitute a malicious finding.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from external web pages. However, this risk is associated with the primary purpose of identifying reflected headers in cache tests and does not lead to harmful outcomes in this context. Ingestion points: scripts/agent.py reads response bodies from the target URL. Boundary markers: Absent; the content is searched for reflections of injected headers. Capability inventory: HTTP network requests via the requests library. Sanitization: Absent; the script checks for raw string matches in the response text.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 09:39 PM