Is your feature request related to a problem? Please describe.
Strix covers web and infra vulnerabilities well but has no skills for the AI/LLM
application attack surface, where untrusted external inputs manipulate a model
through the content it ingests. Based on research, I wrote a piece on this attack surface a few
months ago (https://hackernoon.com/ai-apps-have-a-new-attack-surface-external-inputs),
and the same classes are now shipping in production apps that Strix cannot
currently reach: targets increasingly ship RAG pipelines and tool-calling agents
with none of it covered. report/sarif.py already fingerprints prompt injection
in _VULN_CLASS_KEYWORDS, but no skill exists to actually detect or validate it,
and no other AI class is covered.
Describe the solution you'd like
New skills covering the AI/LLM vulnerability points:
Plus a recon skill to fingerprint LLM / RAG / agent / MCP stacks so scans route
into the above. Insertion points: new files under skills/vulnerabilities/ (or a
new skills/ai/ category), any dedicated tooling wired into _BASE_TOOLS in
agents/factory.py, and _VULN_CLASS_KEYWORDS additions in report/sarif.py
for the classes not already listed.
Describe alternatives you've considered
- Folding these into existing skills (e.g. injection): rejected, as the discovery
and validation methods differ enough to warrant their own skills.
- A dedicated
skills/ai/ category vs skills/vulnerabilities/: open question,
happy to follow maintainer preference.
Additional context
Open questions for alignment:
skills/vulnerabilities/ or a dedicated skills/ai/ category?
- Stack fingerprinting as a standalone tool, or just a skill?
- Preferred naming for the new AI classes in
_VULN_CLASS_KEYWORDS?
Happy to implement. If there is appetite I will open a first PR with a single
prompt_injection.md skill in the existing vuln-skill format as a proof of
shape, then land the rest one skill per PR against the checklist above. Keen to
align on the questions before I start.
Is your feature request related to a problem? Please describe.
Strix covers web and infra vulnerabilities well but has no skills for the AI/LLM
application attack surface, where untrusted external inputs manipulate a model
through the content it ingests. Based on research, I wrote a piece on this attack surface a few
months ago (https://hackernoon.com/ai-apps-have-a-new-attack-surface-external-inputs),
and the same classes are now shipping in production apps that Strix cannot
currently reach: targets increasingly ship RAG pipelines and tool-calling agents
with none of it covered.
report/sarif.pyalready fingerprintsprompt injectionin
_VULN_CLASS_KEYWORDS, but no skill exists to actually detect or validate it,and no other AI class is covered.
Describe the solution you'd like
New skills covering the AI/LLM vulnerability points:
Plus a recon skill to fingerprint LLM / RAG / agent / MCP stacks so scans route
into the above. Insertion points: new files under
skills/vulnerabilities/(or anew
skills/ai/category), any dedicated tooling wired into_BASE_TOOLSinagents/factory.py, and_VULN_CLASS_KEYWORDSadditions inreport/sarif.pyfor the classes not already listed.
Describe alternatives you've considered
and validation methods differ enough to warrant their own skills.
skills/ai/category vsskills/vulnerabilities/: open question,happy to follow maintainer preference.
Additional context
Open questions for alignment:
skills/vulnerabilities/or a dedicatedskills/ai/category?_VULN_CLASS_KEYWORDS?Happy to implement. If there is appetite I will open a first PR with a single
prompt_injection.mdskill in the existing vuln-skill format as a proof ofshape, then land the rest one skill per PR against the checklist above. Keen to
align on the questions before I start.