Skill UI

A deep-dive playbook covering expert techniques for Path Traversal and Local File Inclusion (LFI). It details multiple bypass methods (encoding, null bytes, wrappers), target file enumeration on Linux and Windows, and advanced Remote Code Execution (RCE) escalation paths, such as log poisoning via PHP wrappers.

This comprehensive playbook details advanced techniques for detecting Prototype Pollution vulnerabilities in JavaScript environments (Node.js and browser). It covers various attack vectors, including using `__proto__` and `constructor.prototype` paths, and provides black-box testing payloads for JSON parsing, query string merging, and deep object assignment. Use this when analyzing applications for potential Remote Code Execution (RCE) or unintended property leakage via object merging sinks.

This advanced playbook covers escalating prototype pollution into Remote Code Execution (RCE) and Cross-Site Scripting (XSS). It details exploitation techniques across various environments, including Node.js child_process, EJS, Pug, Handlebars, and client-side libraries like jQuery and Lodash. It is designed for security researchers and penetration testers to systematic locate and exploit deep merge sinks and framework gadgets.

This comprehensive playbook details expert techniques for exploiting Server-Side Request Forgery (SSRF). It covers bypassing URL filters, accessing cloud metadata endpoints (AWS, GCP, Azure), utilizing advanced protocols like Gopher, and chaining vulnerabilities to achieve Remote Code Execution (RCE) in real-world scenarios. Ideal for penetration testers and security researchers.

This playbook provides advanced techniques for symbolic execution using angr, Z3, and Unicorn Engine. It covers automating CTF challenges, handling constraint solving patterns, function hooking, memory manipulation, and emulating custom virtual machines for binary analysis and key recovery.

A comprehensive playbook for testing XSLT injection vulnerabilities. This guide details advanced attack chains, starting with processor fingerprinting (Java, PHP, .NET, libxslt). It covers critical vectors including XXE (External Entities), Server-Side Request Forgery (SSRF) via document(), arbitrary file writing (EXSLT), and achieving Remote Code Execution (RCE) through language-specific extensions.

A specialized CLI alias designed to implement the PUA P9 protocol, simulating the role of a P9 tech lead for AI coding assistance (Codex/Claude Code). This tool helps users structure complex development tasks by focusing on writing precise prompts, managing execution steps, and strictly adhering to a defined professional protocol, minimizing direct code implementation unless reassigned. It ensures rigorous process management and evidence-based output.

This skill guides the safe execution of chaos engineering experiments to surface weaknesses in production systems without causing actual outages. It provides tools to design robust experiments by defining hypotheses, calculating the potential 'blast radius' before failure injection, setting strict abort criteria, and generating structured postmortems. Ideal for SRE teams running game days and resilience tests.

This skill is designed for orchestrating complex, multi-step processes. It helps manage workflows, coordinate different components, and ensure systematic execution of tasks from planning to completion. Ideal for complex automation scenarios and structured project management.

A powerful solution for handling background jobs and asynchronous tasks within Django applications using Celery. It facilitates task queuing, reliable worker management, scheduled execution (cron jobs), and robust error handling. Ideal for sending emails, processing heavy data loads, or managing complex, multi-step workflows without blocking the main thread.

Nextflow is a powerful workflow language and runtime for building reproducible, portable, and scalable data pipelines, especially dominant in bioinformatics. This skill covers the entire workflow lifecycle: from authoring complex pipelines using the modern DSL2 syntax, to configuring containerized execution (Docker, Singularity), scaling to High-Performance Computing (HPC) or cloud environments, and running/debugging existing nf-core workflows.

This skill helps manage and execute steps within a Test-Driven Development (TDD) workflow cycle. Note that this skill serves as an alias for `tdd-workflows-tdd-cycle`, maintaining discoverability. It guides users through the complete TDD development cycle, ensuring structured testing and validation steps.