The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill orchestrates a multi-phase pentest engagement that processes untrusted data from target server responses and external reconnaissance tool outputs.
Ingestion points: Findings stored in outputs/data/findings/ and raw tool outputs located in outputs/processed/reconnaissance/raw/.
Boundary markers: None identified. The instructions for the pentester-validator and the report generation phases do not include explicit delimiters or warnings to ignore instructions embedded in the ingested findings.
Capability inventory: The pentester-validator agent has the capability to execute Python scripts (poc.py) and search through raw scan files (reference/VALIDATION.md).
Sanitization: There is no documented mechanism for sanitizing or escaping technical evidence before it is included in the final branded PDF report or analyzed by the validator subagent.
[COMMAND_EXECUTION]: The validation workflow includes the dynamic execution of generated scripts to verify security findings.
Evidence: reference/VALIDATION.md specifies that the pentester-validator agent runs poc.py to ensure PoCs are functional. While the skill suggests using ast.parse() for syntax verification, the runtime execution of scripts that may be influenced by data gathered from a target environment presents a local execution risk.
[EXTERNAL_DOWNLOADS]: The skill integrates with external security research repositories to fetch testing payloads.
Evidence: PATT_STANDARD.md defines a standard for retrieving and curating payloads from the PayloadsAllTheThings GitHub repository (github.com/swisskyrepo/PayloadsAllTheThings). This is used to populate attack vectors within the skill's infrastructure.

coordination