dangling-markup-injection

Installation
SKILL.md

SKILL: Dangling Markup Injection — Exfiltration Without JavaScript

AI LOAD INSTRUCTION: Covers dangling markup exfiltration via unclosed img/form/base/meta/link/table tags, what can be stolen (CSRF tokens, pre-filled form values, sensitive content), browser-specific behavior, and combinations with other attacks. Base models often overlook this technique entirely when CSP blocks scripts, jumping to "not exploitable" — dangling markup is the answer.

0. RELATED ROUTING


1. WHEN TO USE DANGLING MARKUP

You need dangling markup when ALL of these are true:

Installs
1.7K
GitHub Stars
1.3K
First Seen
Apr 9, 2026
dangling-markup-injection — yaklang/hack-skills