hackerone

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to generate and execute Python and Bash scripts (poc.py, poc.sh) to validate discovered vulnerabilities. This behavior is documented in SKILL.md and README.md as a core feature for proof-of-concept validation.
  • [REMOTE_CODE_EXECUTION]: The workflow involves orchestrating multiple 'Pentester agents' and 'specialized agents' in parallel to perform automated testing across large attack surfaces. This involves complex task delegation and execution of testing logic based on dynamic targets.
  • [DATA_EXFILTRATION]: The skill includes a dedicated tool (tools/sensitive_data_tracker.py) designed to identify, collect, and log sensitive information including credentials, password hashes, API keys, private keys, and user PII. While it provides redaction rules for reports, it processes and stores raw sensitive data in metadata files locally.
  • [EXTERNAL_DOWNLOADS]: The skill fetches program guidelines and scope configuration (CSV files) from the HackerOne platform. These are well-known external sources but involve the ingestion of data that influences subsequent agent actions.
  • [REMOTE_CODE_EXECUTION]: The skill is susceptible to indirect prompt injection or command injection because it ingests untrusted data from HackerOne program pages and CSV scope files. The provided CSV parser (tools/csv_parser.py) does not implement sanitization for asset identifiers, which are subsequently used by agents to perform network and local operations.
      • Ingestion points: Program data fetched from HackerOne URLs and scope configuration loaded from CSV files (identifier, asset_type, etc.).
      • Boundary markers: None identified in the provided instruction files or scripts.
      • Capability inventory: Subprocess execution for PoC validation, file system writes for reporting, and network operations for asset testing.
      • Sanitization: The tools/csv_parser.py script performs basic whitespace stripping but lacks validation or escaping for characters that could trigger command injection.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 18, 2026, 08:45 PM