qe-pentest-validation

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it is designed to ingest and analyze untrusted source code and target website responses while maintaining capabilities such as network access and code analysis.
    - Ingestion points: Identified in source_repo (source code) and target_url (web responses).
    - Boundary markers: Absent; the skill does not define specific delimiters or instructions for the agent to ignore embedded commands.
    - Capability inventory: Orchestrates SAST/DAST scanning, exploit validation via network requests, and updates an exploit playbook memory.
    - Sanitization: Absent; there is no mention of filtering or escaping untrusted input before processing.
  • [COMMAND_EXECUTION]: The skill's primary function is "graduated exploitation," involving the generation and execution of SQL injection, command injection, and SSRF payloads. While intended for authorized testing, these are high-impact capabilities.
  • [EXTERNAL_DOWNLOADS]: The skill metadata lists a dependency on the security-testing skill and mentions an "Agent Booster (WASM)" for validation tasks, indicating dynamic loading of external or binary components.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 12:50 AM