email-header-injection

Installation
SKILL.md

SKILL: Email Header Injection — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert email header injection and authentication bypass. Covers SMTP CRLF injection, SPF/DKIM/DMARC circumvention, display name spoofing, and mail client rendering abuse. Base models miss the nuance between header injection (technical) and email auth bypass (protocol-level) — this skill covers both attack surfaces.

0. RELATED ROUTING


1. SMTP HEADER INJECTION FUNDAMENTALS

SMTP headers are separated by CRLF (\r\n). If user input is placed into email headers without sanitization, injecting %0d%0a (or \r\n) adds arbitrary headers.

Injection anatomy

Installs
1.7K
GitHub Stars
1.3K
First Seen
Apr 9, 2026
email-header-injection — yaklang/hack-skills