This one walks Claude through exploiting V8 and Chromium renderer vulnerabilities, from JIT type confusion bugs to arbitrary code execution inside the renderer. It covers the standard attack chain: triggering TurboFan optimizations to reach type confusion or bounds-check elimination bugs, building addrof and fakeobj primitives, corrupting ArrayBuffer backing stores for arbitrary read/write, and leveraging WASM RWX pages for code execution (a technique that assumes a V8 build where WASM code memory is still mapped writable and executable; current V8 write-protects those pages, so the final step needs adapting on recent targets). The material is solid on V8 internals like pointer compression and the compilation pipeline, but stops short of Chrome sandbox escape details. You'd load this when writing exploits for browser CTF challenges or analyzing V8 CVEs where the base model would otherwise hallucinate object layouts or miss the pointer compression cage entirely.
npx skills add https://github.com/yaklang/hack-skills --skill browser-exploitation-v8
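The pointer compression point above is where most hand-written V8 exploit plumbing goes wrong, so here is the conversion and tagging layer that sits underneath addrof/fakeobj and the ArrayBuffer read/write, as an added example that is not code from the hack-skills repository or the skill itself. Everything is plain Node.js; the cage base (`CAGE_BASE`), the sample heap slot built in `demo()` and the `demo` helper are constructed for illustration and are not values read from a real V8 process.

```javascript
// Added example for this page (not code from the hack-skills repository):
// the conversion and tagging helpers every V8 exploit needs before it can
// build addrof/fakeobj and an arbitrary read/write. Runs in Node.js.
// The heap slot assembled in demo() is constructed, not read from V8.

const conv = new ArrayBuffer(8);
const f64 = new Float64Array(conv);
const u64 = new BigUint64Array(conv);

// Reinterpret a double as its raw 64-bit pattern (e.g. a value read out of
// bounds from a PACKED_DOUBLE_ELEMENTS array) and back again.
function ftoi(d) { f64[0] = d; return u64[0]; }
function itof(i) { u64[0] = BigInt.asUintN(64, i); return f64[0]; }

// Under pointer compression one 8-byte slot holds two 32-bit tagged fields,
// little-endian: the field at the lower address sits in the low half.
function lower32(i) { return Number(i & 0xffffffffn); }
function upper32(i) { return Number((i >> 32n) & 0xffffffffn); }
function pack(lower, upper) {
  return (BigInt(upper >>> 0) << 32n) | BigInt(lower >>> 0);
}

// Smi on pointer-compressed builds: 31-bit signed value shifted left by one,
// tag bit 0 = 0. Arithmetic shift on untag preserves the sign.
function tagSmi(v) { return (v << 1) >>> 0; }
function untagSmi(raw) { return (raw | 0) >> 1; }

// HeapObject: 32-bit offset into the 4 GiB pointer cage with tag bit 0 = 1.
// The full address is cage base + (raw & ~1). The base is per-isolate and
// never appears inside a compressed field, so it has to be leaked separately
// (or the exploit stays within compressed offsets for as long as it can).
function isHeapPointer(raw) { return (raw & 1) === 1; }
function decompress(raw, cageBase) {
  return cageBase + BigInt((raw & ~1) >>> 0);
}
function compress(addr) {
  return (Number(BigInt.asUintN(32, addr)) | 1) >>> 0;
}

// Classify a raw 32-bit field the way V8 does: the tag bit decides.
function decodeTagged(raw, cageBase) {
  if (isHeapPointer(raw)) {
    return {
      kind: 'heap',
      offset: (raw & ~1) >>> 0,
      address: decompress(raw, cageBase),
    };
  }
  return { kind: 'smi', value: untagSmi(raw) };
}

// Doubles cannot carry every 64-bit pattern safely: V8 marks holes in a
// FixedDoubleArray with a dedicated NaN (0xFFF7FFFF_FFF7FFFF). Writing that
// pattern through a double array stores a hole, not your data, so check
// before using a double as the carrier for raw bits.
const HOLE_NAN = 0xfff7fffffff7ffffn;
function isUnsafeDoubleBits(i) { return BigInt.asUintN(64, i) === HOLE_NAN; }

// Constructed sample (hypothetical values): a slot holding Smi(0x1234) next
// to a compressed pointer to cage offset 0x08201234, with the cage assumed
// to be based at 0x1_0000_0000.
const CAGE_BASE = 0x100000000n;
function demo() {
  const slot = pack(tagSmi(0x1234), compress(CAGE_BASE + 0x08201234n));
  const carried = itof(slot);        // what an OOB double read would return
  const back = ftoi(carried);        // recover the raw slot bits
  return {
    roundTripOk: back === slot && !isUnsafeDoubleBits(slot),
    first: decodeTagged(lower32(back), CAGE_BASE),
    second: decodeTagged(upper32(back), CAGE_BASE),
  };
}

console.log(demo());
```

The design choice worth noting is that `compress` and `decompress` are kept separate from the Smi helpers on purpose: a fakeobj primitive writes a compressed, tagged pointer into the low or high half of a slot, and mixing up which half a field lives in (or forgetting the tag bit) is exactly the kind of layout mistake the skill description warns about.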