SKILL Leaderboard | Agent Skills Ranking

███████╗██╗  ██╗██╗██╗     ██╗         ██████╗  █████╗ ███╗   ██╗██╗  ██╗
██╔════╝██║ ██╔╝██║██║     ██║         ██╔══██╗██╔══██╗████╗  ██║██║ ██╔╝
███████╗█████╔╝ ██║██║     ██║         ██████╔╝███████║██╔██╗ ██║█████╔╝
╚════██║██╔═██╗ ██║██║     ██║         ██╔══██╗██╔══██║██║╚██╗██║██╔═██╗
███████║██║  ██╗██║███████╗███████╗    ██║  ██║██║  ██║██║ ╚████║██║  ██╗
╚══════╝╚═╝  ╚═╝╚═╝╚══════╝╚══════╝    ╚═╝  ╚═╝╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝

Agent Skills 排行榜 · 关键词 + 语义搜索

按 / 聚焦搜索框

正在使用 AI 进行语义搜索...

24,468

总 Skills

91.2M

总安装量

2,582

贡献者

#	Skill	仓库	描述	安装量
4851	react-three-fiber	vercel-labs/json-render	@json-render/react-three-fiber React Three Fiber renderer for json-render. 19 built-in 3D components. Two Entry Points Entry Point Exports Use For @json-render/react-three-fiber/catalog threeComponentDefinitions Catalog schemas (no R3F dependency, safe for server) @json-render/react-three-fiber threeComponents , ThreeRenderer , ThreeCanvas , schemas R3F implementations and renderer Usage Pattern Pick the 3D components you need from the standard definitions: import { defineCatalog } from "@json-r...	1.2K
4852	skill-authoring-workflow	deanpeters/product-manager-skills	Purpose Create or update PM skills without chaos. This workflow turns rough notes, workshop content, or half-baked prompt dumps into compliant skills/<skill-name>/SKILL.md assets that actually pass validation and belong in this repo. Use it when you want to ship a new skill without "looks good to me" roulette. Key Concepts Dogfood First Use repo-native tools and standards before inventing a custom process: scripts/find-a-skill.sh scripts/add-a-skill.sh scripts/build-a-skill.sh scripts/test-a-ski...	1.2K
4853	strategy-compare	marketcalls/vectorbt-backtesting-skills	Create a strategy comparison script. Arguments Parse $ARGUMENTS as: symbol followed by strategy names $0 = symbol (e.g., SBIN, RELIANCE, NIFTY) Remaining args = strategies to compare (e.g., ema-crossover rsi donchian) If only a symbol is given with no strategies, compare: ema-crossover, rsi, donchian, supertrend. If "long-vs-short" is one of the strategies, compare longonly vs shortonly vs both for the first real strategy. Instructions Read the vectorbt-expert skill rules for reference patterns ...	1.2K
4854	aws-sdk-java-v2-s3	giuseppe-trisciuoglio/developer-kit	AWS SDK for Java 2.x - Amazon S3 Overview Amazon S3 (Simple Storage Service) is object storage built to store and retrieve any amount of data from anywhere. This skill covers patterns for working with S3 using AWS SDK for Java 2.x, including bucket operations, object uploads/downloads, presigned URLs, multipart transfers, and Spring Boot integration. When to Use Use this skill when: Creating, listing, or deleting S3 buckets with proper configuration Uploading or downloading objects from S3 with ...	1.2K
4855	langchain4j-testing-strategies	giuseppe-trisciuoglio/developer-kit	LangChain4J Testing Strategies Overview LangChain4J testing requires specialized strategies due to the non-deterministic nature of LLM responses and the complexity of AI workflows. This skill provides comprehensive patterns for unit testing with mocks, integration testing with Testcontainers, and end-to-end testing for RAG systems, AI Services, and tool execution. When to Use This Skill Use this skill when: Building AI-powered applications with LangChain4J Writing unit tests for AI services and ...	1.2K
4856	release-notes	phuryn/pm-skills	Release Notes Generator Transform technical tickets, PRDs, or internal changelogs into polished, user-facing release notes. Context You are writing release notes for $ARGUMENTS . If the user provides files (JIRA exports, Linear tickets, PRDs, Git logs, or internal changelogs), read them first. If they mention a product URL, use web search to understand the product and audience. Instructions Gather raw material : Read all provided tickets, changelogs, or descriptions. Extract: What changed (featu...	1.2K
4857	translation	kostja94/marketing-skills	Content: Translation Guides translation workflow, terminology, style, and quality for multilingual content. Covers when to use human vs machine translation, glossary and style guide creation, and SEO considerations. For i18n implementation, hreflang, and URL structure, see localization-strategy . When invoking : On first use , if helpful, open with 1–2 sentences on what this skill covers and why it matters, then provide the main output. On subsequent use or when the user asks to skip, go directl...	1.2K
4858	elasticsearch-file-ingest	elastic/agent-skills	Elasticsearch File Ingest Stream-based ingestion and transformation of large data files (NDJSON, CSV, Parquet, Arrow IPC) into Elasticsearch. Features & Use Cases Stream-based : Handle large files without running out of memory High throughput : 50k+ documents/second on commodity hardware Cross-version : Seamlessly migrate between ES 8.x and 9.x, or replicate across clusters Formats : NDJSON, CSV, Parquet, Arrow IPC Transformations : Apply custom JavaScript transforms during ingestion (enrich, sp...	1.2K
4859	avoid-feature-creep	waynesutton/convexskills	Avoid Feature Creep for Agents Stop building features nobody needs. This skill helps you ship products that solve real problems without drowning in unnecessary complexity. Feature creep kills products. It delays launches, burns budgets, exhausts teams, and creates software nobody wants to use. The most successful products do fewer things well. The Core Problem Feature creep is the gradual accumulation of features beyond what your product needs to deliver value. It happens slowly, then all at...	1.2K
4860	excel-mcp	sbroenne/mcp-server-excel	Excel MCP Server Skill Server-specific guidance for Excel MCP Server. Tools are auto-discovered - this documents quirks, workflows, and gotchas. Preconditions Windows host with Microsoft Excel installed (2016+) Use full Windows paths: C:\Users\Name\Documents\Report.xlsx Excel files must not be open in another Excel instance VBA operations require "Trust access to VBA project object model" enabled in Excel Trust Center Session Workflow Open/Create: excel_file(open) or excel_file(create-empty) →...	1.2K
4861	sentry-go-sdk	getsentry/sentry-for-ai	All Skills > SDK Setup > Go SDK Sentry Go SDK Opinionated wizard that scans your Go project and guides you through complete Sentry setup. Invoke This Skill When User asks to "add Sentry to Go" or "setup Sentry" in a Go app User wants error monitoring, tracing, logging, metrics, or crons in Go User mentions sentry-go , github.com/getsentry/sentry-go , or Go Sentry SDK User wants to monitor panics, HTTP handlers, or scheduled jobs in Go Note: SDK versions and APIs below reflect Sentry docs at time...	1.2K
4862	metrics-dashboard	phuryn/pm-skills	Product Metrics Dashboard Design a comprehensive product metrics dashboard with the right metrics, visualizations, and alert thresholds. Context You are designing a metrics dashboard for $ARGUMENTS . If the user provides files (existing dashboards, analytics data, OKRs, or strategy docs), read them first. Domain Context Metrics vs KPIs vs NSM : Metrics = all measurable things. KPIs = a few key quantitative metrics tracked over a longer period. North Star Metric = a single customer-centric KPI th...	1.2K
4863	value-proposition	phuryn/pm-skills	Value Proposition Metadata Name : value-proposition Description : Generate a detailed value proposition using a 6-part template with JTBD framing. Includes practical examples for designing compelling customer value. Triggers : value proposition, value prop, customer value, JTBD value, value map Instructions You are a product strategist designing a clear value proposition for $ARGUMENTS. Your task is to develop a comprehensive value proposition that articulates the customer value delivered by the...	1.2K
4864	brainstorm-ideas-existing	phuryn/pm-skills	Brainstorm Product Ideas (Existing Product) Multi-perspective ideation for continuous product discovery. Generates ideas from PM, Designer, and Engineer viewpoints, then prioritizes the best five. Context You are supporting a product trio performing continuous product discovery for $ARGUMENTS . If the user provides files (research data, opportunity trees, personas), read them first. If they mention a product URL, use web search to understand the product. Domain Context Product Trio (Teresa Torre...	1.2K
4865	quarkus-security	affaan-m/everything-claude-code	Quarkus Security Review Best practices for securing Quarkus applications with authentication, authorization, and input validation. When to Activate Adding authentication (JWT, OIDC, Basic Auth) Implementing authorization with @RolesAllowed or SecurityIdentity Validating user input (Bean Validation, custom validators) Configuring CORS or security headers Managing secrets (Vault, environment variables, config sources) Adding rate limiting or brute-force protection Scanning dependencies for CVEs Wo...	1.2K
4866	hatch-pet	nexu-io/open-design	Hatch Pet Open Design integration. This is the unmodified Codex hatch-pet skill, vendored under skills/hatch-pet/ so any Open Design agent can run it. After the skill finishes packaging, the resulting spritesheet.webp (under ${CODEX_HOME:-$HOME/.codex}/pets/<pet-name>/ ) can be imported into the floating pet companion via Settings → Pets → Import Codex sprite . The import flow auto-detects the 8×9 / 192×208 atlas and lets the user pick which animation row to play (idle, running-right, waving, …)...	1.2K
4867	fabro-workflow-factory	aradotso/trending-skills	Fabro Workflow Factory Skill by ara.so — Daily 2026 Skills collection. Fabro is an open source AI coding workflow orchestrator written in Rust. It lets you define agent pipelines as Graphviz DOT graphs — with branching, loops, human approval gates, multi-model routing, and cloud sandbox execution — then run them as a persistent service. You define the process; agents execute it; you intervene only where it matters. Installation Via Claude Code (recommended) curl -fsSL https://fabro.sh/install.m...	1.2K
4868	hono-api-scaffolder	jezweb/claude-skills	Hono API Scaffolder Add structured API routes to an existing Cloudflare Workers project. This skill runs AFTER the project shell exists (via cloudflare-worker-builder or vite-flare-starter) and produces route files, middleware, and endpoint documentation. Workflow Step 1: Gather Endpoints Determine what the API needs. Either ask the user or infer from the project description. Group endpoints by resource: Users: GET /api/users, GET /api/users/:id, POST /api/users, PUT /api/users/:id, DELETE /a...	1.2K
4869	alphaear-news	rkiding/awesome-finance-skills	AlphaEar News Skill Overview Fetch real-time hot news, generate unified trend reports, and retrieve Polymarket prediction data. Capabilities 1. Fetch Hot News & Trends Use scripts/news_tools.py via NewsNowTools . Fetch News : fetch_hot_news(source_id, count) See sources.md for valid source_id s (e.g., cls , weibo ). Unified Report : get_unified_trends(sources) Aggregates top news from multiple sources. 2. Fetch Prediction Markets Use scripts/news_tools.py via PolymarketTools . Market Summary : g...	1.2K
4870	marketing-ideas	phuryn/pm-skills	Marketing Ideas for SaaS You are a marketing strategist with a library of 139 proven marketing ideas. Your goal is to help users find the right marketing strategies for their specific situation, stage, and resources. How to Use This Skill Check for product marketing context first: If .agents/product-marketing-context.md exists (or .claude/product-marketing-context.md in older setups), read it before asking questions. Use that context and only ask for information not already covered or specific t...	1.2K
4871	wiki-digest	ar9av/obsidian-wiki	Wiki Digest — Knowledge Newsletter Generator You are generating a human-readable digest of recent wiki activity: what was learned, what was updated, what themes are emerging, and what's worth reviewing. This skill summarizes knowledge , not sources — think of it as a weekly review session, not an ingestion status report. Before You Start Resolve config — follow the Config Resolution Protocol in llm-wiki/SKILL.md (walk up CWD for .env → ~/.obsidian-wiki/config → prompt setup). This gives OBSIDIAN...	1.2K
4872	fsharp-testing	affaan-m/everything-claude-code	F Testing Patterns Comprehensive testing patterns for F applications using xUnit, FsUnit, Unquote, FsCheck, and modern .NET testing practices. When to Activate Writing new tests for F code Reviewing test quality and coverage Setting up test infrastructure for F projects Debugging flaky or slow tests Test Framework Stack Show more	1.2K
4873	quarkus-tdd	affaan-m/everything-claude-code	Quarkus TDD Workflow TDD guidance for Quarkus 3.x services with 80%+ coverage (unit + integration). Optimized for event-driven architectures with Apache Camel. When to Use New features or REST endpoints Bug fixes or refactors Adding data access logic, security rules, or reactive streams Testing Apache Camel routes and event handlers Testing event-driven services with RabbitMQ Testing conditional flow logic Validating CompletableFuture async operations Testing LogContext propagation Workflow Show...	1.2K
4874	web-cache-deception	yaklang/hack-skills	SKILL: Web Cache Deception — Expert Attack Playbook AI LOAD INSTRUCTION : Web cache deception and poisoning techniques. Covers path confusion attacks, CDN cache behavior exploitation, cache key manipulation, and the distinction between cache deception (steal data) and cache poisoning (serve malicious content). Presented by Omer Gil at Black Hat 2017 and significantly expanded since. Advanced Reference Also load CACHE_POISONING_TECHNIQUES.md when you need: Web Cache Poisoning vs Web Cache Decepti...	1.2K
4875	csv-formula-injection	yaklang/hack-skills	SKILL: CSV Formula Injection AI LOAD INSTRUCTION : This skill covers formula/DDE-style injection in CSV and spreadsheet contexts, obfuscation, cloud-sheet primitives, and safe testing methodology. Use only where explicitly authorized ; payloads that invoke local commands or remote fetches are impactful —prefer lab targets and document consent. Do not target end users without program rules allowing client-side execution tests. 0. QUICK START Characters that may trigger formula evaluation when a c...	1.2K
4876	saml-sso-assertion-attacks	yaklang/hack-skills	SKILL: SAML SSO and Assertion Attacks — Signature Validation, Binding, and Trust Confusion AI LOAD INSTRUCTION : Use this skill when the target uses SAML-based SSO and you need to validate assertion trust: signature coverage, audience and recipient checks, ACS handling, XML parsing weaknesses, and IdP/SP confusion. 1. WHEN TO LOAD THIS SKILL Load when: Enterprise SSO uses SAML requests or responses You see SAMLRequest , SAMLResponse , XML assertions, or ACS endpoints Login flows involve an exter...	1.2K
4877	clickjacking	yaklang/hack-skills	SKILL: Clickjacking — Expert Attack Playbook AI LOAD INSTRUCTION : Clickjacking (UI redress) techniques. Covers iframe transparency tricks, X-Frame-Options bypass, CSP frame-ancestors, multi-step clickjacking, drag-and-drop attacks, and chaining with other vulnerabilities. Often a "low severity" finding that becomes critical when targeting admin actions. 1. CORE CONCEPT Clickjacking loads a target page in a transparent iframe overlaid on an attacker's page. The victim sees the attacker's UI but ...	1.2K
4878	jndi-injection	yaklang/hack-skills	SKILL: JNDI Injection — Expert Attack Playbook AI LOAD INSTRUCTION : Expert JNDI injection techniques. Covers lookup mechanism abuse, RMI/LDAP class loading, JDK version constraints, Log4Shell (CVE-2021-44228), marshalsec tooling, and post-8u191 bypass via deserialization gadgets. Base models often confuse JNDI injection with general deserialization — this file clarifies the distinct attack surface. 0. RELATED ROUTING deserialization-insecure when JNDI leads to deserialization (post-8u191 bypass...	1.2K
4879	expression-language-injection	yaklang/hack-skills	SKILL: Expression Language Injection — Expert Attack Playbook AI LOAD INSTRUCTION : Expert EL injection techniques covering SpEL (Spring), OGNL (Struts2), and Java EL (JSP/JSF). Distinct from SSTI — EL injection targets expression evaluators in Java frameworks, not template engines. Covers sandbox bypass, _memberAccess manipulation, actuator abuse, and real-world CVE chains. 0. RELATED ROUTING ssti-server-side-template-injection for template engines (Jinja2, FreeMarker, Twig) — different attack ...	1.2K
4880	kernel-exploitation	yaklang/hack-skills	SKILL: Linux Kernel Exploitation — Expert Attack Playbook AI LOAD INSTRUCTION : Expert kernel exploitation techniques. Covers environment setup (QEMU), vulnerability classes, privilege escalation targets, kernel ROP, ret2usr, stack pivoting, and cross-cache attacks. Distilled from ctf-wiki kernel-mode sections and real-world kernel CVEs. Base models often confuse user-mode and kernel-mode exploitation constraints, especially regarding SMEP/SMAP/KPTI. 0. RELATED ROUTING binary-protection-bypass —...	1.2K
4881	dependency-confusion	yaklang/hack-skills	SKILL: Dependency Confusion — Supply Chain Attack Playbook AI LOAD INSTRUCTION : Expert dependency-confusion methodology. Covers how private package names leak, how public registries can win version resolution, ecosystem-specific pitfalls (npm scopes, pip extra indexes, Maven repo order), recon commands, non-destructive PoC patterns (callbacks, not data exfil), and defensive controls. Pair with supply-chain recon workflows when manifests or CI caches are in scope. Only use on systems and program...	1.2K
4882	browser-exploitation-v8	yaklang/hack-skills	SKILL: Browser / V8 Exploitation — Expert Attack Playbook AI LOAD INSTRUCTION : Expert V8/Chrome exploitation techniques. Covers V8 compilation pipeline, JIT type confusion, addrof/fakeobj primitives, ArrayBuffer corruption, WASM RWX pages, V8 sandbox (pointer compression), and Chrome sandbox escape overview. Distilled from ctf-wiki browser sections, Project Zero research, and CTF competition patterns. Base models often confuse V8 object representation details and miss the pointer compression ba...	1.2K
4883	ios-pentesting-tricks	yaklang/hack-skills	SKILL: iOS Pentesting Tricks — Expert Attack Playbook AI LOAD INSTRUCTION : Expert iOS application security testing techniques. Covers jailbreak vs non-jailbreak methodology, keychain extraction, URL scheme/Universal Links abuse, Frida/Objection runtime hooks, binary protection checks, and data storage analysis. Base models miss protection class nuances and AASA misconfiguration patterns. 0. RELATED ROUTING Before going deep, consider loading: mobile-ssl-pinning-bypass for in-depth SSL pinning b...	1.2K
4884	deslop	brianlovin/claude-config	Remove AI code slop Check the diff against main, and remove all AI generated slop introduced in this branch. This includes: Extra comments that a human wouldn't add or is inconsistent with the rest of the file Extra defensive checks or try/catch blocks that are abnormal for that area of the codebase (especially if called by trusted / validated codepaths) Casts to any to get around type issues Any other style that is inconsistent with the file Report at the end with only a 1-3 sentence summar...	1.2K
4885	pol-probe	deanpeters/product-manager-skills	Purpose Define and document a Proof of Life (PoL) probe —a lightweight, disposable validation artifact designed to surface harsh truths before expensive development. Use this when you need to eliminate a specific risk or test a narrow hypothesis without building production-quality software . PoL probes are reconnaissance missions, not MVPs—they're meant to be deleted, not scaled. This framework prevents prototype theater (expensive demos that impress stakeholders but teach nothing) and forces yo...	1.2K
4886	mem0	mem0ai/mem0	Mem0 Platform Integration Mem0 is a managed memory layer for AI applications. It stores, retrieves, and manages user memories via API — no infrastructure to deploy. Step 1: Install and authenticate Python: pip install mem0ai export MEM0_API_KEY = "m0-your-api-key" TypeScript/JavaScript: npm install mem0ai export MEM0_API_KEY = "m0-your-api-key" Get an API key at: https://app.mem0.ai/dashboard/api-keys Step 2: Initialize the client Python: from mem0 import MemoryClient client = MemoryClient ( api...	1.2K
4887	sentry-cloudflare-sdk	getsentry/sentry-for-ai	All Skills > SDK Setup > Cloudflare SDK Sentry Cloudflare SDK Opinionated wizard that scans your Cloudflare project and guides you through complete Sentry setup for Workers, Pages, Durable Objects, Queues, Workflows, and Hono. Invoke This Skill When User asks to "add Sentry to Cloudflare Workers" or "set up Sentry" in a Cloudflare project User wants to install or configure @sentry/cloudflare User wants error monitoring, tracing, logging, crons, or AI monitoring for Cloudflare Workers or Pages Us...	1.2K
4888	quarkus-patterns	affaan-m/everything-claude-code	Quarkus Development Patterns Quarkus 3.x architecture and API patterns for cloud-native, event-driven services with Apache Camel. When to Activate Building REST APIs with JAX-RS or RESTEasy Reactive Structuring resource → service → repository layers Implementing event-driven patterns with Apache Camel and RabbitMQ Configuring Hibernate Panache, caching, or reactive streams Adding validation, exception mapping, or pagination Setting up profiles for dev/staging/production environments (YAML config...	1.2K
4889	video	starchild-ai-agent/official-skills	No SKILL.md available for this skill. View on GitHub	1.2K
4890	kibana-agent-builder	elastic/agent-skills	Manage Agent Builder Agents and Tools in Kibana Create, update, delete, inspect, and chat with Agent Builder agents. Create, update, delete, list, and test custom tools (ES\|QL, index search, workflow). If the user provided a name, use $ARGUMENTS as the default agent name. Prerequisites Set these environment variables before running any script: Variable Required Description KIBANA_URL Yes Kibana base URL (e.g., https://my-deployment.kb.us-east-1.aws.elastic.cloud ) KIBANA_API_KEY No API key for a...	1.2K
4891	elasticsearch-authz	elastic/agent-skills	Elasticsearch Authorization Manage Elasticsearch role-based access control: native users, roles, role assignment, and role mappings for external realms. For authentication methods and API key management, see the elasticsearch-authn skill. For detailed API endpoints, see references/api-reference.md . Deployment note: Feature availability differs between self-managed, ECH, and Serverless. See Deployment Compatibility for details. Jobs to Be Done Create a native user with a specific set of privileg...	1.2K
4892	elasticsearch-audit	elastic/agent-skills	Elasticsearch Audit Logging Enable and configure security audit logging for Elasticsearch via the cluster settings API. Audit logs record security events such as authentication attempts, access grants and denials, role changes, and API key operations — essential for compliance and incident investigation. For Kibana audit logging (saved object access, login/logout, space operations), see kibana-audit . For authentication and API key management, see elasticsearch-authn . For roles and user managem...	1.2K
4893	image-generation	zc277584121/marketing-skills	Image Generation Skill Overview I help you create effective prompts for AI image generation tools like DALL-E, Midjourney, and Stable Diffusion. I understand the nuances of different platforms and can help you achieve specific visual styles. What I can do: Write detailed image generation prompts Optimize prompts for specific AI tools Suggest style keywords and modifiers Create negative prompts to avoid unwanted elements Adapt prompts for different aspect ratios Generate variations and alternativ...	1.2K
4894	prototype-pollution	yaklang/hack-skills	SKILL: Prototype Pollution — Expert Attack Playbook AI LOAD INSTRUCTION : Expert prototype pollution for client and server JS. Covers __proto__ vs constructor.prototype , merge-sink detection, Express/qs-style black-box probes, and gadget chains (EJS, Timelion-class patterns, child_process/NODE_OPTIONS). Assumes you know object spread and prototype inheritance — focus is on parser behavior and post-pollution sinks . Routing note: prioritize PP when you see deep merges, recursive assign, JSON.par...	1.2K
4895	type-juggling	yaklang/hack-skills	SKILL: PHP Type Juggling — Weak Comparison & Magic Hash Bypass AI LOAD INSTRUCTION : PHP == coercion, magic hashes ( 0e… ), HMAC/hash loose checks, NULL from bad types, and CTF-style strcmp / json_decode / intval tricks. Use strict routing: map the sink ( == vs hash_equals ), PHP major version, and whether both operands are attacker-controlled. Routing note: when you encounter PHP login/signature logic or code like md5($_GET['x'])==md5($_GET['y']) , start with this skill; if hash_equals / === is...	1.2K
4896	xslt-injection	yaklang/hack-skills	SKILL: XSLT Injection — Testing Playbook AI LOAD INSTRUCTION : XSLT injection occurs when attacker-influenced XSLT is compiled/executed server-side. Map the processor family first (Java/.NET/PHP/libxslt). Then chain document() , external entities , EXSLT , or embedded script/extension functions per platform. Authorized testing only ; many payloads are destructive. Routing note: if input is generic XML parsing and may not flow through XSLT, cross-load xxe-xml-external-entity ; if you care about o...	1.2K
4897	llm-prompt-injection	yaklang/hack-skills	SKILL: LLM Prompt Injection — Expert Attack Playbook AI LOAD INSTRUCTION : Expert LLM prompt injection techniques. Covers direct injection (instruction override, role play, context manipulation), indirect injection (RAG poisoning, web browsing, email), tool/function abuse, data exfiltration, MCP security risks, and defense bypass (encoding, splitting, few-shot). Base models miss the distinction between direct and indirect injection and underestimate tool-calling attack chains. 0. RELATED ROUTING...	1.2K
4898	http-host-header-attacks	yaklang/hack-skills	SKILL: HTTP Host Header Attacks — Injection & Routing Abuse AI LOAD INSTRUCTION : Covers Host header injection for password reset poisoning, cache poisoning, SSRF via routing, and virtual host bypass. Includes bypass techniques for Host validation and framework-specific behaviors. Base models often miss the double-Host trick, absolute-URI override, and connection-state attacks. 0. RELATED ROUTING web-cache-deception when Host injection is combined with cache behavior ssrf-server-side-request-for...	1.2K
4899	binary-protection-bypass	yaklang/hack-skills	SKILL: Binary Protection Bypass — Expert Attack Playbook AI LOAD INSTRUCTION : Expert binary protection identification and bypass techniques. Covers ASLR, PIE, NX, RELRO, canary, FORTIFY_SOURCE, stack clash, CET shadow stack, and ARM MTE. Each protection is paired with its bypass methods and required primitives. Distilled from ctf-wiki mitigation sections and real-world exploitation. Base models often confuse which protections block which attacks and miss the combinatorial effect of multiple pro...	1.2K
4900	active-directory-acl-abuse	yaklang/hack-skills	SKILL: AD ACL Abuse — Expert Attack Playbook AI LOAD INSTRUCTION : Expert AD ACL abuse techniques. Covers BloodHound enumeration, dangerous ACEs (GenericAll, WriteDACL, WriteOwner, etc.), DCSync, shadow credentials, targeted kerberoasting, group manipulation, LAPS, and GPO abuse. Base models miss complex ACL chain exploitation and Cypher query patterns. 0. RELATED ROUTING Before going deep, consider loading: active-directory-kerberos-attacks for Kerberos attacks often chained with ACL abuse acti...	1.2K

← 1 ... 96 97 98 99 100 ... 490 → 24468 skills