vigolium-scanner

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the vigolium js command and the associated vigolium.utils.exec(cmd) JavaScript API, which allow for the execution of arbitrary shell commands on the host system. This is a powerful feature that can be exploited if the inputs to the script or command are influenced by an attacker.
  • [REMOTE_CODE_EXECUTION]: In the agent swarm mode, an AI agent dynamically generates JavaScript snippets and full extensions based on its analysis of untrusted HTTP requests. These generated scripts are then executed at runtime, constituting a risk of remote code execution if the agent is manipulated by malicious input.
  • [DATA_EXFILTRATION]: The JavaScript extension environment provides access to the file system (e.g., vigolium.utils.readFile, vigolium.source.readFile) and the network (e.g., vigolium.http.get, vigolium.http.post). These capabilities can be chained to read sensitive local files and exfiltrate their contents to external servers.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, particularly in autonomous modes where the AI agent makes scanning decisions based on external, untrusted content.
    ◦ Ingestion points: The scanner ingests data from target URLs, HTTP response bodies and headers, OpenAPI/Swagger specifications, and application source code linked via the --source flag.
    ◦ Boundary markers: No explicit use of delimiters or 'ignore instructions' warnings is documented for the prompt templates used in pipeline or swarm modes.
    ◦ Capability inventory: The agent has the authority to run vigolium CLI commands and generate/execute JavaScript code via the vigolium js interface.
    ◦ Sanitization: A 'Terminal Security Model' for the autopilot mode is mentioned to prevent shell injection and limit commands to an allowlist, but the presence of the vigolium js command provides a legitimate path for more complex, potentially unsafe execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 30, 2026, 03:59 PM