The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes multiple shell commands and scripts to perform fuzzing and scanning operations.
Evidence: It runs scripts such as scripts/gobuster/discover-directories.sh, scripts/ffuf/fuzz-parameters.sh, and scripts/nikto/scan-specific-vulnerabilities.sh via bash.
[COMMAND_EXECUTION]: User input is directly interpolated into shell command strings, which is a common vector for command injection.
Evidence: The variable $ARGUMENTS (representing the target URL) is passed directly to bash scripts and standalone binaries like gobuster dir -u $ARGUMENTS and ffuf -u "$ARGUMENTS?FUZZ=test" without explicit validation or escaping.
[DATA_EXFILTRATION]: The skill reads local files to determine operational scope.
Evidence: It executes cat .pentest/scope.json to verify if the target host is authorized for testing.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from external targets.
Ingestion points: The agent is instructed to "Review the results" and "Note discovered paths, status codes, and content lengths" from tools that fetch content directly from remote web servers (headers, URL paths, and body content).
Boundary markers: None. The tool outputs are processed directly by the agent to influence subsequent steps.
Capability inventory: The agent has the capability to execute arbitrary subprocesses (bash, gobuster, ffuf, nikto) and read local files.
Sanitization: No sanitization is performed on the output of the fuzzing tools before the agent interprets the data to decide on "high-priority targets for deeper exploitation."

fuzz