feat: CAP-989: Port 5 optimized skills to web-security capability + aem-sling-exploitation #28
Merged
GangGreenTemperTatum merged 1 commit into May 28, 2026
New skill: aem-sling-exploitation (97% review, 96% content eval)
- Sling selector abuse (rawcontent, listParagraphs, form CVE-2024-26029)
- Dispatcher bypass chains via selector/suffix manipulation
- JCR enumeration and QueryBuilder exploitation
- AEM-specific XSS gadgets (moment.js, jQuery .text(), javascript: URI)
- Reference files: dispatcher-bypass-patterns.md, xss-gadgets.md

Updated: blind-ssrf-chains (97% review, 95% content eval)
- Added constraint assessment table — agents evaluate SSRF primitive capabilities before attempting chains, preventing wasted cycles
- Replaced repo-local callback CLI references with CallbackClient tool
- Consolidated duplicate examples, added Gopher Redis/FastCGI chain

Updated: dompurify-mxss-bypass (90% review, 100% content eval)
- Added jQuery .text() post-sanitization bypass (not mXSS, data flow bug)
- Added 8-step systematic workflow with validation checkpoints

Updated: dom-vulnerability-detection (92% review, 88% content eval)
- Added library gadgets: jQuery .text() re-decoding, moment.js format injection, javascript: URI hostname population bypass
- Added workflow feedback loops and expanded CSTI guidance

Updated: dom-vulnerability-static-analysis (92% review, 87% content eval)
- Extracted GADGETS.md reference file for progressive disclosure
- Added cross-validation step between grep and AST results
- moment.js detection: 38% → 100% with GADGETS.md content

All skills eval-validated via tessl (activation + content evals on claude-sonnet-4-6). Chain With sections cleaned for capability context.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>