ssrf-xxe-methodology

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE DATA_EXFILTRATION COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill contains comprehensive instructions for performing Blind XXE attacks using external DTDs and parameter entities to exfiltrate sensitive file content (e.g., /etc/passwd, flag.txt) to external attacker-controlled listeners.
  • [COMMAND_EXECUTION]: The methodology provides specific payloads for protocol smuggling (Gopher, Dict) intended to interact with or execute commands on internal services like Redis, which can lead to Remote Code Execution (RCE).
  • [EXTERNAL_DOWNLOADS]: The documentation references external security testing services such as Burp Collaborator, localtest.me, and nip.io for DNS-based bypass techniques.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 02:19 AM