ethical-hacking-methodology

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides specific shell commands for system exploitation and maintaining access.
      • Includes commands to establish system persistence by modifying crontab: echo "* * * * * /tmp/backdoor.sh" >> /etc/crontab.
      • Details the use of msfconsole to search for and execute exploits and set up reverse shell payloads.
      • Provides methods for privilege escalation discovery, such as checking sudo permissions (sudo -l) and searching for SUID binaries.
  • [EXTERNAL_DOWNLOADS]: The skill references various external security scripts and tools.
      • Directs the use of scripts from potentially untrusted or unverified sources for system enumeration: linpeas.sh, linux-exploit-suggester.sh, and winpeas.exe.
      • Mentions downloading operating system images from kali.org.
  • [DATA_EXFILTRATION]: Outlines methodologies for gathering and extracting information from target environments.
      • Includes techniques for DNS enumeration and email harvesting using theHarvester, which aggregates information from public and private sources.
      • Describes "Google Hacking" patterns to locate sensitive configuration files like .env and .config on target systems.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection attacks.
      • Ingestion points: The skill process involves gathering target information (Reconnaissance Report) and web technology fingerprinting.
      • Boundary markers: No delimiters or warnings are provided to prevent the agent from obeying instructions embedded in the gathered reconnaissance data.
      • Capability inventory: The skill utilizes powerful tools including nmap, msfconsole, and sqlmap which can execute arbitrary code or queries.
      • Sanitization: There is no evidence of sanitization or validation of the data retrieved from external targets before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 28, 2026, 11:40 AM