Our review
Security assessment skill for validating outbound interactions and out-of-band (OOB) callbacks, such as SSRF callbacks, blind XSS beacons, or DNS interactions.
Strengths
- Generates unique per-test correlation identifiers to reduce false positives.
- Deterministic validation of asynchronous interactions with timestamps and source context.
- Supports multiple vectors: SSRF, blind XSS, XXE OOB, webhooks.
Limitations
- Requires an external listener server to be configured and reachable.
- May be affected by ambient network noise if correlation is not rigorous.
- Not applicable to fully in-band vulnerabilities that do not require callbacks.
Use this skill when you need to prove asynchronous server interaction via an external callback (blind SSRF, blind XSS, XXE OOB).
Do not use it for fully in-band exploits (direct response) or static code reviews without network interaction.
Security analysis
Safe
The skill describes a methodology for outbound interaction correlation in pentesting without providing any executable commands or dangerous actions. It is purely analytical and poses no direct execution risk.
No concerns found
Examples
- I need to test a potential SSRF vulnerability in a web application that fetches user-provided URLs. Generate unique callback tokens and send a request to my OOB listener. Confirm if a callback is received and correlate it with the payload.
- I suspect a blind XSS in a feedback form. Create a payload with a unique identifier that will cause the browser to make a request to my callback server. Monitor for any incoming requests and confirm the XSS if a callback with the correct token arrives.
- Test an XML parser for XXE vulnerabilities using OOB techniques. Craft an XML payload that triggers an outbound HTTP request to my listener, exfiltrating a known file content. Validate the callback and extract the data.
name: pentest-outbound-interaction-oob-detection
description: "Security assessment skill for outbound interaction and out-of-band (OOB) validation. Use when prompts include SSRF callback confirmation, blind XSS beacons, webhook abuse, XXE/OOB behavior, DNS/HTTP callback correlation, or asynchronous server-side interaction proof. Do not use when vulnerabilities are fully in-band and require no external callback correlation."
Outbound Interaction & OOB Detection
Activation Triggers (Positive)
- ssrf callback
- blind xss
- webhook abuse
- oob
- dns interaction
- asynchronous callback
- xxe out of band
Exclusion Triggers (Negative)
- fully in-band exploit
- static code review only
- report drafting only
Output Schema
- Callback correlation table: token, payload path, timestamp, source context
- Validation verdict: confirmed, not confirmed, inconclusive
- Follow-on exploitation opportunities from confirmed outbound behavior
Instructions
- Generate unique per-test correlation identifiers before sending payloads.
- Ensure callback listener scope and retention are sufficient for delayed events.
- Correlate callbacks by token, path, and time window before confirmation.
- Differentiate noisy background traffic from test-linked interactions.
- Use control payloads to reduce false positives.
- Pass confirmed primitives to exploit or logic skills with full correlation evidence.
Should Do
- Treat OOB validation as evidence discipline, not only payload dispatch.
- Preserve immutable callback logs for auditability.
- Include both positive and negative control outcomes.
Should Not Do
- Do not claim confirmation without deterministic correlation.
- Do not reuse tokens across unrelated tests.
- Do not expose real secrets in callback payloads.
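The correlation discipline described in the Instructions, Output Schema and Should/Should Not lists above, as an added example that is not part of the skill or its page: it generates per-test tokens, parses a listener log, correlates each dispatched token by token, time window and path, uses a paired control token to downgrade a hit to "inconclusive" when the control also fires, and separates unrelated background traffic. The log line format, the `/cb/<token>` path convention, the sample tests and the log lines are all constructed for this example.

```python
"""OOB callback correlation: token + path + time window -> verdict.

Added example, not the skill's own code. The listener log format and all
sample data below are constructed for illustration.
"""
import re
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable


@dataclass(frozen=True)
class Test:
    """One dispatched probe: a live token planted at payload_path plus a
    paired control token that is planted where no fetch should ever occur."""
    token: str
    control_token: str
    payload_path: str
    sent_at: datetime


@dataclass(frozen=True)
class Event:
    received_at: datetime
    source_ip: str
    request_path: str
    user_agent: str


def new_token(nbytes: int = 8) -> str:
    """Fresh, unguessable correlation identifier; never reuse across tests."""
    return secrets.token_hex(nbytes)


# Hypothetical listener log format (constructed):
#   <ISO-8601 timestamp> <source ip> "<METHOD> <path> HTTP/x.y" <user agent>
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<ua>.*)$'
)


def parse_listener_log(lines: Iterable[str]) -> list[Event]:
    """Parse raw listener lines; malformed lines are skipped, never rewritten,
    so the original log file remains the immutable audit record."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if m is None:
            continue
        events.append(Event(datetime.fromisoformat(m["ts"]), m["ip"], m["path"], m["ua"]))
    return events


def _hits(token: str, events: list[Event]) -> list[Event]:
    return [e for e in events if token in e.request_path]


def correlate(tests: list[Test], events: list[Event],
              window: timedelta = timedelta(minutes=30)) -> list[dict]:
    """Build the callback correlation table with one verdict per test."""
    rows = []
    for t in tests:
        in_window = [e for e in _hits(t.token, events)
                     if t.sent_at <= e.received_at <= t.sent_at + window]
        late = [e for e in _hits(t.token, events) if e.received_at > t.sent_at + window]
        control = _hits(t.control_token, events)
        if in_window and not control:
            verdict = "confirmed"          # deterministic: token, window, control silent
        elif in_window or late or control:
            verdict = "inconclusive"       # control fired, or only a delayed/out-of-window hit
        else:
            verdict = "not confirmed"
        first = in_window[0] if in_window else (late[0] if late else None)
        rows.append({
            "token": t.token,
            "payload_path": t.payload_path,
            "timestamp": first.received_at.isoformat() if first else None,
            "source_context": f"{first.source_ip} {first.user_agent}" if first else None,
            "verdict": verdict,
        })
    return rows


def background_noise(tests: list[Test], events: list[Event]) -> list[Event]:
    """Listener traffic carrying none of our tokens: ambient scanning, not evidence."""
    known = {t.token for t in tests} | {t.control_token for t in tests}
    return [e for e in events if not any(k in e.request_path for k in known)]


# Constructed sample: three tests, fixed tokens so the run is reproducible.
T0 = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_TESTS = [
    Test("a1b2c3d4e5f60718", "7e6d5c4b3a291807", "POST /fetch url=", T0),
    Test("0f1e2d3c4b5a6978", "8796a5b4c3d2e1f0", "POST /feedback body=", T0 + timedelta(minutes=1)),
    Test("deadbeefcafef00d", "0123456789abcdef", "POST /import xml=", T0 + timedelta(minutes=2)),
]
SAMPLE_LOG = [
    # test 1: live token arrives 4 s after dispatch, control silent -> confirmed
    '2024-05-01T12:00:04+00:00 203.0.113.10 "GET /cb/a1b2c3d4e5f60718 HTTP/1.1" python-requests/2.31',
    # unrelated scanner traffic that also reached the listener -> noise
    '2024-05-01T12:00:30+00:00 198.51.100.7 "GET /.env HTTP/1.1" Mozilla/5.0',
    # test 2: nothing arrives -> not confirmed
    # test 3: live AND control tokens are fetched (everything planted gets pulled) -> inconclusive
    '2024-05-01T12:02:10+00:00 203.0.113.10 "GET /cb/deadbeefcafef00d HTTP/1.1" Java/11',
    '2024-05-01T12:02:11+00:00 203.0.113.10 "GET /cb/0123456789abcdef HTTP/1.1" Java/11',
]

if __name__ == "__main__":
    evs = parse_listener_log(SAMPLE_LOG)
    for row in correlate(SAMPLE_TESTS, evs):
        print(row)
    print("noise events:", len(background_noise(SAMPLE_TESTS, evs)))
```

The control token is what turns a hit into evidence: if the target fetches the control as well as the live token, the callback proves only that everything planted is retrieved, which is why the third test lands as "inconclusive" rather than "confirmed". Tokens with a hit only after the window are likewise kept as "inconclusive" rather than dropped, which is the retention concern from the Instructions in code form.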