testing-for-broken-access-control

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill utilizes the requests library in scripts/agent.py to perform network operations against target web applications. This is the primary intended function of the penetration testing toolkit. All network activity is directed to user-specified base URLs provided as command-line arguments. No hardcoded secrets or evidence of unauthorized data exfiltration were found.
  • [INDIRECT_PROMPT_INJECTION]: A vulnerability surface for indirect prompt injection exists because the agent processes responses from external web servers during its automated testing routines.
      • Ingestion points: requests.request, requests.get, requests.post, and requests.put calls in scripts/agent.py process external response bodies and status codes.
      • Boundary markers: None present in the automation script.
      • Capability inventory: Network request capabilities via requests and local file writing for reporting in scripts/agent.py.
      • Sanitization: No explicit sanitization or filtering of incoming HTTP response content is performed before processing.
  • [SAFE]: The skill uses standard Python libraries and follows documented security testing methodologies (OWASP). It does not exhibit any indicators of persistence, privilege escalation on the host machine, or malicious obfuscation. The use of verify=False in scripts/agent.py is a common practice in security testing tools for interacting with environments using internal or self-signed certificates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 01:52 PM