xxe-injection-methodology

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides detailed instructions and payloads for exfiltrating sensitive local files (such as /etc/passwd, /flag.txt, and /proc/self/environ) to an attacker-controlled server using Out-Of-Band (OOB) techniques involving parameter entities and external DTDs.
  • [COMMAND_EXECUTION]: The methodology instructs the agent to execute shell commands to facilitate exploitation, including starting local servers for data reception (python3 -m http.server, nc -lvp) and manipulating file archives (unzip, zip) to inject malicious XML into DOCX documents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 10:08 AM