The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides instructions to execute shell commands for dependency analysis, including mvn dependency:tree and gradle dependencies. It also references running Java-based exploitation tools like ysoserial and marshalsec.\n- [REMOTE_CODE_EXECUTION]: Methodology is provided for achieving code execution on target systems through various Java-specific vulnerabilities, including deserialization, JNDI injection, and expression language injection (SpEL/OGNL).\n- [DATA_EXFILTRATION]: The skill describes techniques for identifying and extracting sensitive credentials, such as JWT secrets from Spring Actuator endpoints or database passwords from configuration files, as part of an exploit chain.\n- [SAFE]: The inclusion of exploitation payloads, such as reverse shell strings, and references to external security tools is entirely consistent with the skill's stated purpose of assisting in Java security audits and exploit chain research. No hidden or malicious behavior targeting the user environment was detected.

java-exploit-chain