testing-for-sensitive-data-exposure

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE

Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION

Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains bash command snippets utilizing curl, grep, and jq to perform web reconnaissance and vulnerability scanning.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install well-known security tools, including trufflehog, gitleaks, and git-dumper, from public registries and repositories.
  • [DATA_EXFILTRATION]: The agent.py script specifically checks for the existence of sensitive files like .env, .git/config, and .aws/credentials on a remote target. This behavior is intentional and aligned with the skill's purpose of identifying improper data exposure on targets.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface where the agent processes untrusted remote data.
      • Ingestion points: Data is fetched from remote JavaScript files and API endpoints in agent.py.
      • Boundary markers: No explicit markers are used to isolate untrusted data in the generated reports.
      • Capability inventory: The script performs network requests and generates structured JSON reports.
      • Sanitization: Content fetched from remote sources is processed via regex and included in reports without additional sanitization.
  • [SAFE]: The skill performs its stated tasks using standard libraries and transparent logic without any signs of obfuscation, persistence, or malicious intent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 01:52 PM