Skip to content

[FEATURE] Add skill for AI Agent Cross-Modal Leaks (Prompt Injection Data Exfiltration) #678

Description

@ashp15205

Is your feature request related to a problem? Please describe.
Yes, here's why it is: As AI agents (LangChain, AutoGen, CrewAI, etc.) become more prevalent, a new attack vector is emerging: Cross-Modal Data Leaks. Currently, it doesn't look like Strix has a dedicated skill for identifying when an LLM agent uses prompt injection to exfiltrate its own internal credentials (like API keys) to an external sink via its tool usage.

Describe the solution you'd like
I would like to contribute a new offensive skill playbook to skills/vulnerabilities/ai_cross_modal_leak.md.
This skill will teach Strix agents how to:

  1. Identify if a target application has an agentic interface with tool access.
  2. Craft prompt injections aimed specifically at tool execution boundaries to force credential hops.
  3. Validate data exfiltration using benign webhook listeners.

Describe alternatives you've considered
I considered adding this as a custom script, but since Strix natively supports Markdown-based "Skills" for teaching the agent new vulnerabilities, adding this as a core vulnerability skill makes the most architectural sense.

Additional context
I recently built an open-source SAST tool called Scankii that statically defends against these exact cross-modal leaks. I have a deep understanding of how this attack vector works and have already drafted the offensive skill for Strix. I will open a Pull Request linking to this issue shortly!

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions