Is your feature request related to a problem? Please describe.
Yes, here's why it is: As AI agents (LangChain, AutoGen, CrewAI, etc.) become more prevalent, a new attack vector is emerging: Cross-Modal Data Leaks. Currently, it doesn't look like Strix has a dedicated skill for identifying when an LLM agent uses prompt injection to exfiltrate its own internal credentials (like API keys) to an external sink via its tool usage.
Describe the solution you'd like
I would like to contribute a new offensive skill playbook to skills/vulnerabilities/ai_cross_modal_leak.md.
This skill will teach Strix agents how to:
- Identify if a target application has an agentic interface with tool access.
- Craft prompt injections aimed specifically at tool execution boundaries to force credential hops.
- Validate data exfiltration using benign webhook listeners.
Describe alternatives you've considered
I considered adding this as a custom script, but since Strix natively supports Markdown-based "Skills" for teaching the agent new vulnerabilities, adding this as a core vulnerability skill makes the most architectural sense.
Additional context
I recently built an open-source SAST tool called Scankii that statically defends against these exact cross-modal leaks. I have a deep understanding of how this attack vector works and have already drafted the offensive skill for Strix. I will open a Pull Request linking to this issue shortly!
Is your feature request related to a problem? Please describe.
Yes, here's why it is: As AI agents (LangChain, AutoGen, CrewAI, etc.) become more prevalent, a new attack vector is emerging: Cross-Modal Data Leaks. Currently, it doesn't look like Strix has a dedicated skill for identifying when an LLM agent uses prompt injection to exfiltrate its own internal credentials (like API keys) to an external sink via its tool usage.
Describe the solution you'd like
I would like to contribute a new offensive skill playbook to
skills/vulnerabilities/ai_cross_modal_leak.md.This skill will teach Strix agents how to:
Describe alternatives you've considered
I considered adding this as a custom script, but since Strix natively supports Markdown-based "Skills" for teaching the agent new vulnerabilities, adding this as a core vulnerability skill makes the most architectural sense.
Additional context
I recently built an open-source SAST tool called Scankii that statically defends against these exact cross-modal leaks. I have a deep understanding of how this attack vector works and have already drafted the offensive skill for Strix. I will open a Pull Request linking to this issue shortly!