The Agent Skills Directory

[PROMPT_INJECTION]: The skill maintains an indirect prompt injection surface by collecting data from untrusted external sources (e.g., Shodan host metadata, HTTP banners, and Certificate Transparency logs) and writing it directly to JSON reports.
Ingestion points: scripts/process.py and scripts/agent.py fetch data from multiple remote APIs and HTTP responses.
Boundary markers: Data is concatenated or stored in JSON without specific delimiters or warnings to ignore embedded instructions.
Capability inventory: Scripts have the ability to write files to the local directory and initiate network connections.
Sanitization: No evidence of escaping or filtering of external content was found before writing to reports.
[EXTERNAL_DOWNLOADS]: Fetches data from well-known and trusted security services including Shodan, VirusTotal, SecurityTrails, and PassiveTotal. These operations are core to the skill's functionality and target reputable domains.
[COMMAND_EXECUTION]: The provided scripts perform network operations such as DNS resolution, SSL certificate fingerprinting, and HTTP requests to evaluate infrastructure indicators.
[SAFE]: Analysis of the source code and metadata revealed no evidence of obfuscation, hardcoded sensitive credentials, privilege escalation, or persistence mechanisms.

tracking-threat-actor-infrastructure