data-exfil

Official

Test AI data exfiltration vulnerabilities with red team payloads.

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

AI and LLM applications often expose hidden data exfiltration surfaces via rendered markdown, HTML, code artifacts, and URL parsing logic, making it difficult for security teams to identify and validate these vulnerabilities without specialized guidance.

Core Features & Use Cases

  • Comprehensive Technique Library: Covers markdown exfil, HTML-in-markdown injection, tool artifact exfiltration (Matplotlib, Mermaid, KaTeX), domain encoding bypasses for URL filters, and payload encoding methods.
  • Red Team Workflow Support: Includes decision matrices, critical validation rules, and out-of-band callback guidance to streamline payload crafting and vulnerability proofing for AI red teaming engagements.
  • Use Case Example: A security tester assessing an AI chat app that renders markdown can use this skill to identify image auto-fire exfil vectors, bypass url_safe filters with percent-encoded domains, and validate exfil with out-of-band callbacks.

Quick Start

Use the data-exfil skill to craft a test exfil payload for the target AI app's rendering pipeline and confirm the vulnerability with an out-of-band callback.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: data-exfil
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#data-exfil

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.