code-injection_skill
- Python
1
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill pluginagentmarketplace/custom-plugin-ai-red-teaming --skill code-injection- SKILL.md6.3 KB
Overview
This skill tests AI systems for code injection vulnerabilities, including prompt-to-code attacks, template injection, agent tool exploitation, and NL-to-SQL abuse. It provides payload sets, test harnesses, and classification guidance to identify risky behaviours and prioritize remediation. Use it to surface critical execution, sandbox escape, and data-exfiltration paths in agent-based and model-integrated systems.
How this skill works
The skill runs categorized payloads against target components and inspects responses and side effects to detect execution, file access, network exfiltration, and SQL injection patterns. It uses explicit code-execution strings, template payloads, and natural-language prompts translated to SQL to reveal unsafe translations. Results are grouped into vulnerable/blocked or vulnerable/safe buckets and annotated with severity to guide remediation.
When to use it
- During red-team assessments of conversational agents or code-generation models
- When integrating external tools or execution runtimes into an agent
- Prior to exposing model outputs to interpreters, templates, or databases
- After configuration changes to sandboxes, runtime permissions, or plugins
- To validate mitigations for template rendering and NL-to-SQL translators
Best practices
- Run tests in isolated environments with strict resource and network controls
- Cover multiple vectors: direct code payloads, template languages, and NL-to-SQL prompts
- Classify findings by severity and reproduce with minimal payloads for developer triage
- Combine static detection (pattern matching) with dynamic checks (execution outcomes)
- Test variations: obfuscation, encoding, chained actions, and tool-chaining scenarios
Example use cases
- Probe an agent that can run Python snippets to detect sandbox escapes and arbitrary command execution
- Validate that a Jinja2-rendered web endpoint blocks server-side template injection payloads
- Assess an NL-to-SQL translator for semantic injections that exfiltrate schema or run destructive statements
- Test tool-chaining agents that can call file_read, http_post, or shell tools for data exfiltration risks
- Measure efficacy of output filtering by attempting obfuscated payloads and encoding bypasses
FAQ
Yes—tests can include payloads that attempt execution. Always run them in controlled, isolated environments with no external network access and minimal privileges.
How are severities assigned?
Severity maps to impact: CRITICAL for arbitrary code execution, sandbox escape, or DB compromise; HIGH for file or limited execution; MEDIUM/LOW for filtered or theoretical issues.
Can this test generate false positives?
Yes. Use minimal reproducer payloads and corroborate dynamic evidence (side effects, returned output) to reduce false positives.