hackerone

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • External Downloads (LOW): The skill fetches program policies, guidelines, and scope CSV files from hackerone.com URLs. While essential for the skill's purpose, this involves interaction with external, third-party content that could be modified by an adversary if a program is compromised.
  • Command Execution (LOW): The skill orchestrates the deployment of 'Pentester agents' and 'specialized agents' (up to 300+ concurrent tests) and expects the generation and execution of PoC scripts (poc.py). This facilitates the execution of dynamically generated code on the host system.
  • Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources and processes it via LLM-driven agents.
      • Ingestion points: tools/csv_parser.py reads 'identifier' and 'instruction' fields from user-provided CSVs; the skill also fetches program guidelines from HackerOne URLs.
      • Boundary markers: Absent. The CSV parsing logic uses no explicit delimiters to prevent the LLM from interpreting data as instructions.
      • Capability inventory: Spawns multiple parallel agents, writes findings to the filesystem, and executes PoC scripts.
      • Sanitization: tools/report_validator.py includes regex checks that detect and warn about sensitive data (API keys, credentials) before submission. This is a positive safety feature, but it does not sanitize inputs to prevent injection attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 09:25 PM