server-side

Fail

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides an extensive library of payloads designed to achieve remote code execution on target servers. This includes various web shells (PHP, ASPX, JSP) and reverse shell scripts for multiple environments (Bash, Python, Ruby, Java). Crucially, the file 'reference/file-upload-cheat-sheet.md' was explicitly flagged by antivirus scanners as containing a verified Trojan backdoor (PHP:BackDoor-Y).
  • [COMMAND_EXECUTION]: The reference documentation includes numerous high-risk shell commands and scripts intended to exploit vulnerabilities such as race conditions, path traversal, and job queue injection. Examples include the use of 'proc_open' for PTY-based privilege escalation and automated loops for race condition exploitation.
  • [EXTERNAL_DOWNLOADS]: The skill documentation encourages the downloading and execution of security tools from unverified third-party repositories and domains, such as 'github.com/almandin/fuxploider', 'github.com/tarunkant/Gopherus', 'github.com/BishopFox/h2csmuggler', and 'rebinder.net'.
  • [DATA_EXFILTRATION]: Multiple payloads are documented specifically for the purpose of stealing sensitive system data. These include commands to read and transmit contents of '/etc/shadow', AWS/Azure/GCP metadata credentials, and private SSH keys to external attacker-controlled domains.
  • [CREDENTIALS_UNSAFE]: The skill includes lists of common default credentials for administrative interfaces and provides detailed instructions for forging application session cookies using a list of common weak secret keys (e.g., 'secret', 'changeme', 'supersecret').
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: May 2, 2026, 01:00 AM