pentest-validation

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to perform graduated exploitation, which involves executing network-level commands and browser-based automation.
      ◦ Evidence: Explicitly utilizes curl, wget, and Playwright to test for vulnerabilities in the Injection, XSS, and SSRF pipelines (SKILL.md).
      ◦ Evidence: Mentions proving command injection using exec() and system() calls as part of the validation process (SKILL.md).
  • [DATA_EXFILTRATION]: The skill incorporates techniques for data extraction as a means of proving vulnerability exploitability.
      ◦ Evidence: The SSRF pipeline includes targets for cloud metadata extraction (e.g., 169.254.169.254) and protocol smuggling (file:///etc/passwd) (SKILL.md).
      ◦ Evidence: The SQL injection pipeline includes patterns for UNION SELECT data extraction (SKILL.md).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it automatically processes external content fetched from target URLs.
      ◦ Ingestion points: The agent ingests untrusted data from target_url using DAST tools and Playwright (SKILL.md).
      ◦ Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions in the retrieved content are present in the provided documentation.
      ◦ Capability inventory: High-privilege capabilities include network operations (curl, wget), file system access via protocol smuggling tests, and browser control (Playwright).
      ◦ Sanitization: No sanitization logic for external content is specified before the data is processed by the exploitation pipelines.
  • [EXTERNAL_DOWNLOADS]: The skill performs dynamic network requests to external, user-provided URLs.
      ◦ Evidence: Configuration requires a target_url which is then accessed via multiple validation tiers (SKILL.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 11:07 AM