This is a comprehensive SSTI exploitation playbook that goes well beyond basic detection. It covers polyglot probes to fingerprint engines (Jinja2, Twig, FreeMarker, Velocity, ERB, Thymeleaf), then provides actual RCE chains for each including Jinja2 MRO subclass traversal and sandbox bypasses when underscores or dots are filtered. The routing is smart: it separates expression language injection (SpEL/OGNL) into its own skill and pushes specific CVE scenarios (Jira, Confluence, Spring Cloud Gateway) into a companion file. You get working payloads with correct syntax, not just theory. Load this when you're testing template rendering or preview features and need more than {{7*7}} to prove impact.
npx skills add https://github.com/yaklang/hack-skills --skill ssti-server-side-template-injection