ssti-methodology
Audited by Socket on Apr 22, 2026
4 alerts found:
Security x2, Malware x2

This “code” is an embedded attack playbook for SSTI exploitation: it instructs engine fingerprinting, blacklist/sandbox bypass, and provides guidance to achieve RCE and extract flags/secrets. It contains no operational malware by itself, but its purpose is clearly weaponized and could materially enable compromise of vulnerable services if distributed/used in a supply chain.
SUSPICIOUS/HIGH-RISK skill. Its stated purpose and behavior are internally consistent, but the purpose itself is offensive: it equips an AI agent to probe for SSTI and escalate to file reads and remote command execution on targets. There is little supply-chain risk in the provided text, but the exploit enablement makes the overall skill high risk.
This fragment is an offensive SSTI exploit and filter-bypass guide across multiple template engines. It explicitly documents chains to achieve OS command execution (RCE), read sensitive files, and exfiltrate secrets/configuration via template rendering. If such content is packaged in an open-source dependency, it is a serious supply-chain security indicator and should be treated as high risk pending removal/review and investigation of how it is distributed/triggered within the package.
This fragment is a high-risk, explicit exploit guide for Jinja2 SSTI enabling information disclosure and remote command execution. It documents multiple reliable exploitation patterns (direct context disclosure, subclass-based file reads, and __globals__ -> os -> popen/Popen RCE). Any application that renders untrusted templates without strict sandboxing, filters, or careful context exposure is vulnerable to the techniques shown. Treat the content as actionable malicious guidance — remediate by disallowing user-controlled templates, using Jinja2 sandboxing, removing sensitive objects from template context, and employing input validation/templating policies.