data-exfil
OfficialTest AI data exfiltration vulnerabilities with red team payloads.
Software Engineering#rendering-pipeline#llm-security#data-exfiltration#ai-red-teaming#payload-crafting#url-filter-bypass
Authordreadnode
Version1.0.0
Installs0
System Documentation
What problem does it solve?
AI and LLM applications often expose hidden data exfiltration surfaces via rendered markdown, HTML, code artifacts, and URL parsing logic, making it difficult for security teams to identify and validate these vulnerabilities without specialized guidance.
Core Features & Use Cases
- Comprehensive Technique Library: Covers markdown exfil, HTML-in-markdown injection, tool artifact exfiltration (Matplotlib, Mermaid, KaTeX), domain encoding bypasses for URL filters, and payload encoding methods.
- Red Team Workflow Support: Includes decision matrices, critical validation rules, and out-of-band callback guidance to streamline payload crafting and vulnerability proofing for AI red teaming engagements.
- Use Case Example: A security tester assessing an AI chat app that renders markdown can use this skill to identify image auto-fire exfil vectors, bypass url_safe filters with percent-encoded domains, and validate exfil with out-of-band callbacks.
Quick Start
Use the data-exfil skill to craft a test exfil payload for the target AI app's rendering pipeline and confirm the vulnerability with an out-of-band callback.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: data-exfil Download link: https://github.com/dreadnode/capabilities/archive/main.zip#data-exfil Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.