LLM CV agent is equipped with tools such as web browsing, terminal access, web search, file editing, and code interpreter to perform tasks similar to a hacker, like writing code, browsing the web, and injecting malicious code. Vulnerabilities include SQL injection in WordPress login, key leakage in a ticket reservation system endpoint, and improper input validation leading to subprocess calls.