This skill should be used when the user asks about "sandbox escape", "vm escape", "template injection to RCE", "SSTI exploitation", "vm2 bypass", "restricted execution bypass", "sandbox breakout", or needs to identify sandbox escape and template engine exploitation techniques during whitebox pentesting.
From vuln-scoutnpx claudepluginhub allsmog/vuln-scout --plugin vuln-scoutThis skill uses the workspace's default tool permissions.
nodejs-sandbox-escape.mdpython-sandbox-escape.mdruby-sandbox-escape.mdDesigns and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.
Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.
Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.
Techniques for escaping restricted execution environments and exploiting template engines across Node.js, Python, and Ruby.
Activate this skill during:
vm, eval, or template engines process user inputnodejs-sandbox-escape.md -- vm module bypass, vm2 CVEs, EJS/Pug injection, prototype pollution to RCEpython-sandbox-escape.md -- Jinja2 SSTI, Mako exploitation, serialization attacks, RestrictedPython bypassruby-sandbox-escape.md -- ERB injection, Slim/Haml exploitation, $SAFE bypasses, Marshal deserialization