cve-testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill's primary function is to 'Research and test specific CVEs' by finding and executing exploit code. Phase 5 (Exploit Adaptation) and Phase 6 (Controlled Testing) involve the agent modifying and running scripts sourced from the public internet, which is a high-risk behavior that can lead to system compromise.
- [EXTERNAL_DOWNLOADS] (HIGH): The instructions explicitly direct the agent to fetch content from unvetted external repositories, including 'GitHub security advisories', 'Exploit-DB', and 'security researcher blogs'. These sources are attacker-controllable, and there are no instructions for verifying the integrity or safety of the downloaded code before execution.
- [COMMAND_EXECUTION] (HIGH): The skill requires the agent to 'Execute safe, controlled vulnerability validation'. In an AI agent context, 'execution' typically involves spawning subprocesses or running shell commands, providing a direct vector for malicious payloads if the input (the exploit) is untrustworthy.
- [PROMPT_INJECTION] (MEDIUM): The skill includes 'CRITICAL RULES' that use authoritative language ('You MUST', 'You NEVER', 'Get straight to work immediately') to force the agent into a specific operating mode. This 'jailbreak-lite' pattern aims to bypass standard agent reasoning or safety checkpoints by demanding immediate, unreflective action.
- [INDIRECT_PROMPT_INJECTION] (HIGH): Because the skill processes 'exploit analysis', 'HackerOne disclosures', and 'researcher blogs' as data, it is vulnerable to instructions embedded within that data. An attacker could publish a 'PoC' that contains hidden prompts designed to trick the agent into exfiltrating local files or escalating privileges during the 'testing' phase.
Recommendations
- AI detected serious security threats