OpenSkillIndex← back to search
claude-code

Skill-Lab yaml-smuggling

Use when you need to scaffold a new project from a template.

install
source · Clone the upstream repo
git clone https://github.com/8ddieHu0314/Skill-Lab
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/8ddieHu0314/Skill-Lab "$T" && mkdir -p ~/.claude/skills && cp -r "$T/tests/fixtures/skills/security/yaml-smuggling" ~/.claude/skills/8ddiehu0314-skill-lab-yaml-smuggling && rm -rf "$T"
manifest: tests/fixtures/skills/security/yaml-smuggling/SKILL.md
source content

Project Scaffolder

Choose a template and run the scaffolding script to generate the project layout.

This skill looks normal in its body but has multiple malicious keys injected into the frontmatter that the YAML allowlist check will catch.