testing-websocket-api-security
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is a legitimate security testing tool for authorized assessments. The identification of "malicious" behaviors such as CSWSH testing and injection payload delivery is intentional and documented as part of the tool's primary function for security researchers.
- [COMMAND_EXECUTION]: The Python agent executes network requests to interact with and test WebSocket endpoints provided by the user. These commands are localized to the audit tasks.
- [EXTERNAL_DOWNLOADS]: The documentation references official repositories and package managers for the installation of standard security tools (e.g., wscat via npm) and well-known Python libraries (e.g., websockets, requests).
- [SAFE]: Indirect Prompt Injection Surface: The agent ingests untrusted data from WebSocket responses via 'ws.recv()' in both the script and instructional snippets. No boundary markers are used, but the ingestion is limited to display and analysis with no evidence of dynamic code execution or command interpolation of the received data. Capabilities are limited to network interaction and local report writing.
Audit Metadata