The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill documentation suggests installing the third-party tool dalfox from a non-predefined trusted repository (github.com/hahwul/dalfox).
[COMMAND_EXECUTION]: The agent.py script automates HTTP request sequences to target applications and intentionally disables SSL certificate verification for penetration testing purposes.
[DATA_EXFILTRATION]: Documentation includes example XSS payloads for exfiltrating sensitive data such as cookies and keystrokes to a demonstration domain (attacker-server.example.com) to illustrate vulnerability impact.
[PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as the companion script ingests untrusted HTML data from target websites. Ingestion points: resp.text in scripts/agent.py. Boundary markers: Absent. Capability inventory: Network requests (requests) and local file writing (json.dump). Sanitization: Absent.

testing-for-xss-vulnerabilities-with-burpsuite