The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's primary function involves executing system-level security binaries such as nmap, subfinder, and masscan through Python's subprocess module. User-supplied targets are validated against regular expressions in scripts/utils.py to prevent basic command injection.
[EXTERNAL_DOWNLOADS]: The scripts/install.sh script fetches and executes the official Homebrew installation script from GitHub. This is a reference to a well-known and trusted technology service.
[COMMAND_EXECUTION]: During the setup process, the skill utilizes sudo commands to interface with system package managers (apt, dnf, pacman) to install required security dependencies.
[DYNAMIC_EXECUTION]: The files scripts/script.py and scripts/script_1.py contain logic that programmatically reconstructs the skill's directory structure and Python modules. This functions as a self-contained distribution or packaging mechanism.
[INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from network reconnaissance (e.g., HTTP headers, DNS records, and subdomain lists) which is later processed and displayed in reports.
Ingestion points: Data is collected in scripts/recon.py, scripts/scanner.py, and scripts/burp_mcp.py via network requests and tool outputs.
Boundary markers: The skill relies on structured JSON serialization for intermediate data handling between modules.
Capability inventory: The agent has access to shell execution via subprocess, file system writes for logging and reporting, and network operations through requests.
Sanitization: Input targets are filtered through regex-based validation in scripts/utils.py before being passed to shell commands.

ethical-redteam-bugbounty