Loads comprehensive command injection attack patterns for cases where user input reaches shell execution, whether through ping utilities, file converters, or import pipelines. The playbook covers all major shell metacharacters, blind detection via timing and DNS exfiltration, filter bypasses using IFS and brace expansion, and vulnerable code patterns across PHP, Python, Node, and legacy ASP. You get context-specific payloads for quoted strings, command substitution, and out-of-band (OOB) channels, plus a solid library of reverse shells for Linux and Windows. The real value is in the blind injection decision trees and the catalog of non-obvious entry points, like email senders and archive processors, where base models typically miss the execution chain.
npx skills add https://github.com/yaklang/hack-skills --skill cmdi-command-injection