What are Agent Skills?

Agent Skills are reusable, production-ready capability packs for AI agents. Each skill lives in its own folder and is described by a SKILL.md file with metadata and instructions.

What does this agent-skills.md site do?

Agent Skills is a curated directory that indexes skill repositories and lets you browse, preview, and download skills in a consistent format.

Where are skills stored in a repo?

By default, the site scans the skills/ folder. You can also submit a URL that points directly to a specific skills folder.

What is required inside SKILL.md?

SKILL.md must include YAML frontmatter with at least name and description. The body contains the actual guidance and steps for the agent.

How can I submit a repo?

Click Submit in the header and paste a GitHub URL that points to a skills folder. We’ll parse it and add any valid skills to the directory.

Find awesome Agent Skills

HTML Injection Testing

This skill should be used when the user asks to "test for HTML injection", "inject HTML into web pages", "perform HTML injection attacks", "deface web applications", or "test content injection vulnerabilities". It provides comprehensive HTML injection attack techniques and testing methodologies.

html-injectionweb-application-securitypenetration-testingcontent-injection

zebbern

Red Team Tools and Methodology

This skill should be used when the user asks to "follow red team methodology", "perform bug bounty hunting", "automate reconnaissance", "hunt for XSS vulnerabilities", "enumerate subdomains", or needs security researcher techniques and tool configurations from top bug bounty hunters.

red-teambug-bountyreconnaissancepentesting

zebbern

File Path Traversal Testing

This skill should be used when the user asks to "test for directory traversal", "exploit path traversal vulnerabilities", "read arbitrary files through web applications", "find LFI vulnerabilities", or "access files outside web root". It provides comprehensive file path traversal attack and testing methodologies.

path-traversaldirectory-traversalLFIweb-security

zebbern

Linux Production Shell Scripts

This skill should be used when the user asks to "create bash scripts", "automate Linux tasks", "monitor system resources", "backup files", "manage users", or "write production shell scripts". It provides ready-to-use shell script templates for system administration.

linuxbashshell-scriptingsystem-administration

zebbern

Cross-Site Scripting and HTML Injection Testing

This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications.

web-application-securityxsshtml-injectionpenetration-testing

zebbern

Broken Authentication Testing

This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.

authentication-testingsession-managementcredential-stuffingsecurity-testing

zebbern

SQL Injection Testing

This skill should be used when the user asks to "test for SQL injection vulnerabilities", "perform SQLi attacks", "bypass authentication using SQL injection", "extract database information through injection", "detect SQL injection flaws", or "exploit database query vulnerabilities". It provides comprehensive techniques for identifying, exploiting, and understanding SQL injection attack vectors across different database systems.

sql-injectionpenetration-testingvulnerability-assessmentdatabase-security

zebbern

Metasploit Framework

This skill should be used when the user asks to "use Metasploit for penetration testing", "exploit vulnerabilities with msfconsole", "create payloads with msfvenom", "perform post-exploitation", "use auxiliary modules for scanning", or "develop custom exploits". It provides comprehensive guidance for leveraging the Metasploit Framework in security assessments.

penetration-testingexploit-developmentmetasploit-frameworkpost-exploitation

zebbern

Pentest Commands

This skill should be used when the user asks to "run pentest commands", "scan with nmap", "use metasploit exploits", "crack passwords with hydra or john", "scan web vulnerabilities with nikto", "enumerate networks", or needs essential penetration testing command references.

pentestingnetwork-scanningexploit-developmentpassword-cracking

zebbern

Burp Suite Web Application Testing

This skill should be used when the user asks to "intercept HTTP traffic", "modify web requests", "use Burp Suite for testing", "perform web vulnerability scanning", "test with Burp Repeater", "analyze HTTP history", or "configure proxy for web testing". It provides comprehensive guidance for using Burp Suite's core features for web application security testing.

burp-suiteweb-application-securitypenetration-testinghttp-interception

zebbern

Windows Privilege Escalation

This skill should be used when the user asks to "escalate privileges on Windows," "find Windows privesc vectors," "enumerate Windows for privilege escalation," "exploit Windows misconfigurations," or "perform post-exploitation privilege escalation." It provides comprehensive guidance for discovering and exploiting privilege escalation vulnerabilities in Windows environments.

windowsprivilege-escalationpost-exploitationpentesting

zebbern

Page 426 of 426 · 21261 results