The problem with script libraries
A script library can only run the attacks someone already thought to write. The moment a target looks a little different—an unusual parameter, a chained precondition, a business-logic quirk—the script has nothing to say. You end up with a tool that is confident on the demo and useless on the real thing.
Methodology as the unit of knowledge
Agent-Smith ships patterns, not payloads. Each skill encodes how a discipline actually thinks—what to look for, how to confirm it, when to escalate—aligned to frameworks like OWASP ASVS 5.0, the LLM Top 10, and MITRE ATT&CK. The LLM supplies the reasoning; the skill supplies the discipline.
Self-chaining in practice
A single run threads several skills together without any human stitching:
/pentestermaps the surface and fingerprints the stack.- It finds a blind SQL injection and chains into
/web-exploitto confirm and weaponize it. /remediategenerates a patch and re-runs the check to prove the vuln is gone.- Everything lands as a report with Burp-ready PoCs and draft GitHub issues.
The chain isn’t hard-coded. The model decides what to run next based on what it just found—which is exactly what a human operator does.
Why it stays safe
Every scanner runs inside an ephemeral Docker sandbox with hard cost, time, and call-count limits enforced server-side. The agent is free to improvise; the blast radius is not.
Want to see the skills? They’re open source on the GitHub org.