Skills are structured knowledge packages that give Strix agents deep expertise in specific vulnerability types, technologies, and testing methodologies.

The Idea

LLMs have broad but shallow security knowledge. They know about SQL injection, but lack the nuanced techniques that experienced pentesters use—parser quirks, bypass methods, validation tricks, and chain attacks. Skills inject this deep, specialized knowledge directly into the agent’s context, transforming it from a generalist into a specialist for the task at hand.

How They Work

When Strix spawns an agent for a specific task, it selects up to 5 relevant skills based on the context:
# Agent created for JWT testing automatically loads relevant skills
create_agent(
    task="Test authentication mechanisms",
    skills=["authentication_jwt", "business_logic"]
)
The skills are injected into the agent’s system prompt, giving it access to:
  • Advanced techniques — Non-obvious methods beyond standard testing
  • Working payloads — Practical examples with variations
  • Validation methods — How to confirm findings and avoid false positives

Skill Categories

Vulnerabilities

Core vulnerability classes with deep exploitation techniques.
Skill | Coverage
authentication_jwt | JWT attacks, algorithm confusion, claim tampering
idor | Object reference attacks, horizontal/vertical access
sql_injection | SQL injection variants, WAF bypasses, blind techniques
xss | XSS types, filter bypasses, DOM exploitation
ssrf | Server-side request forgery, protocol handlers
csrf | Cross-site request forgery, token bypasses
xxe | XML external entities, OOB exfiltration
rce | Remote code execution vectors
business_logic | Logic flaws, state manipulation, race conditions
race_conditions | TOCTOU, parallel request attacks
path_traversal_lfi_rfi | File inclusion, path traversal
open_redirect | Redirect bypasses, URL parsing tricks
mass_assignment | Attribute injection, hidden parameter pollution
insecure_file_uploads | Upload bypasses, extension tricks
information_disclosure | Data leakage, error-based enumeration
subdomain_takeover | Dangling DNS, cloud resource claims
broken_function_level_authorization | Privilege escalation, role bypasses

Frameworks

Framework-specific testing patterns.
Skill | Coverage
fastapi | FastAPI security patterns, Pydantic bypasses
nextjs | Next.js SSR/SSG issues, API route security

Technologies

Third-party service and platform security.
Skill | Coverage
supabase | Supabase RLS bypasses, auth issues
firebase_firestore | Firestore rules, Firebase auth

Protocols

Protocol-specific testing techniques.
Skill | Coverage
graphql | GraphQL introspection, batching, resolver issues

Skill Structure

Each skill uses XML-style tags for structure:
<vulnerability_guide>
  <title>NAME</title>
  
  <critical>Key insight about this vulnerability</critical>
  
  <scope>What this skill covers</scope>
  
  <methodology>Step-by-step testing approach</methodology>
  
  <discovery_techniques>How to find it</discovery_techniques>
  
  <exploitation_techniques>How to exploit it</exploitation_techniques>
  
  <bypass_techniques>How to bypass protections</bypass_techniques>
  
  <validation>How to confirm findings</validation>
  
  <false_positives>What to watch out for</false_positives>
  
  <pro_tips>Additional expert advice</pro_tips>
</vulnerability_guide>
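
A structural check for a skill file before it is submitted, written as an added example and not part of Strix's own code. The root element and section names come from the template above; `lint_skill`, `FILLER` and both sample documents are hypothetical names and constructed data, and the check assumes every section in the template is required.

```python
import re

# Section tags and root element copied from the skill template on this page.
ROOT = "vulnerability_guide"
SECTIONS = [
    "title", "critical", "scope", "methodology", "discovery_techniques",
    "exploitation_techniques", "bypass_techniques", "validation",
    "false_positives", "pro_tips",
]


def lint_skill(text):
    """Return a list of structural problems in one skill file (empty = OK)."""
    root = re.search(rf"<{ROOT}>(.*)</{ROOT}>", text, re.DOTALL)
    if root is None:
        return [f"missing <{ROOT}> root element"]
    body, problems = root.group(1), []
    for tag in SECTIONS:
        opens = len(re.findall(rf"<{tag}>", body))
        closes = len(re.findall(rf"</{tag}>", body))
        if opens == 0 and closes == 0:
            problems.append(f"<{tag}>: section missing")
            continue
        if opens != 1 or closes != 1:
            problems.append(f"<{tag}>: {opens} opening / {closes} closing tags")
            continue
        # Non-greedy match; fails if the closing tag comes before the opening one.
        m = re.search(rf"<{tag}>(.*?)</{tag}>", body, re.DOTALL)
        if m is None:
            problems.append(f"<{tag}>: closing tag precedes opening tag")
        elif not m.group(1).strip():
            problems.append(f"<{tag}>: section is empty")
    return problems


# Constructed samples. FILLER holds raw '<' and '&', which is why the linter
# matches tags with regexes instead of a strict XML parser.
FILLER = "placeholder text: status < 400 & role is 'user'"
SAMPLE_OK = f"<{ROOT}>\n" + "".join(
    f"  <{t}>{FILLER}</{t}>\n" for t in SECTIONS) + f"</{ROOT}>\n"
SAMPLE_BAD = (SAMPLE_OK
              .replace(f"  <validation>{FILLER}</validation>\n", "")
              .replace(f"<false_positives>{FILLER}<", "<false_positives> <"))

if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, lint_skill(doc))
```

Because the tags are only XML-style, section text may contain characters that are not valid in well-formed XML, so the check tolerates them and verifies only that each section appears once and is non-empty.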

Contributing Skills

Community contributions are welcome. Good skills include:
  1. Real-world techniques — Methods that work in practice
  2. Practical payloads — Working examples with variations
  3. Validation steps — How to confirm without false positives
  4. Context awareness — Version/environment-specific behavior