security-expert

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references several well-known security tools and automated scanning actions from trusted repositories on GitHub (e.g., Nuclei from ProjectDiscovery, Semgrep from ReturnToCorp, Trivy from Aqua Security). These references are part of standard security automation practices.
  • [COMMAND_EXECUTION]: Multiple agents provide CLI examples for security testing tools like sqlmap, hydra, and curl. These are clearly labeled as testing procedures for vulnerability identification (e.g., testing for SQL injection or broken access control).
  • [REMOTE_CODE_EXECUTION]: The penetration testing agents include descriptive examples of Remote Code Execution (RCE) payloads for various environments (Java, PHP, Node.js). These are static text examples intended to teach or guide an auditor during a penetration test and do not represent executable code within the skill context.
  • [DATA_EXFILTRATION]: No patterns of unauthorized data collection or exfiltration were found. Data processing instructions (like encryption and sanitization) follow industry best practices and use environment variables for key management.
  • [PROMPT_INJECTION]: The skill instructions are focused on establishing a professional security persona. No attempts to bypass safety filters or override agent behavior were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 12:32 PM