---
name: pentest-outbound-interaction-oob-detection
description: "Security assessment skill for outbound interaction and out-of-band (OOB) validation. Use when prompts include SSRF callback confirmation, blind XSS beacons, webhook abuse, XXE/OOB behavior, DNS/HTTP callback correlation, or asynchronous server-side interaction proof. Do not use when vulnerabilities are fully in-band and require no external callback correlation."
---

# Outbound Interaction & OOB Detection

## Activation Triggers (Positive)

- `ssrf callback`
- `blind xss`
- `webhook abuse`
- `oob`
- `dns interaction`
- `asynchronous callback`
- `xxe out of band`

## Exclusion Triggers (Negative)

- `fully in-band exploit`
- `static code review only`
- `report drafting only`

## Output Schema

- Callback correlation table: `token`, `payload path`, `timestamp`, `source context`
- Validation verdict: `confirmed` (a callback carrying the test's own token arrived inside the expected window and the negative control stayed silent), `not confirmed` (no token-bearing callback), `inconclusive` (a token-bearing callback outside the window, or the control fired as well)
- Follow-on exploitation opportunities from confirmed outbound behavior

## Instructions

1. Generate a unique per-test correlation identifier (a random token embedded in the callback hostname or path) before sending any payload.
2. Ensure callback listener scope (DNS and HTTP at minimum) and log retention are sufficient for delayed events; queued jobs, mail handlers and document renderers can call back minutes or hours after the request.
3. Correlate callbacks by token, payload path, and time window before confirmation; a token match alone is not enough if the timing does not fit.
4. Differentiate noisy background traffic (scanners, crawlers, resolver prefetching) from test-linked interactions: a callback that carries no registered token is noise, not evidence.
5. Use control payloads (same position, same shape, but a token the target should never process) to reduce false positives; a control that also fires means the listener is being reached regardless of the suspected bug.
6. Pass confirmed primitives to exploit or logic skills with the full correlation evidence.

## Should Do

- Treat OOB validation as evidence discipline, not only payload dispatch.
- Preserve immutable callback logs for auditability.
- Include both positive and negative control outcomes.

## Should Not Do

- Do not claim confirmation without deterministic correlation.
- Do not reuse tokens across unrelated tests.
- Do not expose real secrets in callback payloads.
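The following is an added example, not part of this skill definition, showing the instructions above as working code: it mints a unique token per probe, drops listener log entries that carry no registered token, correlates the rest by token and time window, and derives the three verdicts from the output schema with a negative control. The callback domain, the probe and callback record shapes, and the listener log lines are all constructed for the example.

```python
"""Per-test OOB tokens and callback correlation (added example, not the skill's own code)."""
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed listener domain (constructed for the example); use the domain your own listener serves.
CALLBACK_DOMAIN = "oob.example.invalid"


@dataclass
class Probe:
    test_id: str       # which test case the payload belongs to
    kind: str          # "positive" (expected to call back) or "control" (must not)
    payload_path: str  # where the payload was injected, for the correlation table
    sent_at: datetime


@dataclass
class Callback:
    observed_at: datetime
    protocol: str  # "dns" or "http"
    source: str    # client or resolver IP as logged by the listener
    target: str    # queried hostname or requested URL path


class Correlator:
    def __init__(self, window: timedelta = timedelta(minutes=15)):
        self.window = window
        self.probes: dict[str, Probe] = {}  # token -> probe; tokens are never reused

    def register(self, test_id: str, kind: str, payload_path: str, sent_at: datetime) -> str:
        """Mint a unique token for one probe and return the hostname to embed in the payload."""
        while True:
            token = secrets.token_hex(8)  # 16 lowercase hex chars: survives DNS case folding
            if token not in self.probes:
                break
        self.probes[token] = Probe(test_id, kind, payload_path, sent_at)
        return f"{token}.{CALLBACK_DOMAIN}"

    def correlate(self, callbacks: list[Callback]) -> list[dict]:
        """Build the correlation table; entries without a registered token are background noise."""
        rows = []
        for cb in callbacks:
            target = cb.target.lower()
            for token, probe in self.probes.items():
                if token not in target:
                    continue
                delta = cb.observed_at - probe.sent_at
                rows.append({
                    "token": token,
                    "test_id": probe.test_id,
                    "kind": probe.kind,
                    "payload_path": probe.payload_path,
                    "timestamp": cb.observed_at.isoformat(),
                    "source_context": f"{cb.protocol} from {cb.source}: {cb.target}",
                    # deterministic correlation needs the token AND the time window
                    "in_window": timedelta(0) <= delta <= self.window,
                })
        return rows

    def verdict(self, test_id: str, rows: list[dict]) -> str:
        mine = [r for r in rows if r["test_id"] == test_id]
        if any(r["kind"] == "control" and r["in_window"] for r in mine):
            return "inconclusive"  # listener is hit with or without the real payload
        positives = [r for r in mine if r["kind"] == "positive"]
        if any(r["in_window"] for r in positives):
            return "confirmed"
        if positives:
            return "inconclusive"  # right token, wrong time: keep the listener up and re-test
        return "not confirmed"


def demo() -> dict[str, str]:
    """Constructed scenario: three tests against one listener log with noise; returns test_id -> verdict."""
    t0 = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    c = Correlator(window=timedelta(minutes=15))
    ssrf = c.register("ssrf-url-param", "positive", "GET /fetch?url=", t0)
    c.register("ssrf-url-param", "control", "GET /fetch (token in an unused header)", t0)
    xxe = c.register("xxe-upload", "positive", "POST /import (external entity)", t0)
    c.register("blind-xss-name", "positive", "POST /profile name=", t0)
    log = [  # constructed listener entries
        Callback(t0 + timedelta(seconds=5), "dns", "203.0.113.7", "www.example.com"),  # background noise
        Callback(t0 + timedelta(seconds=42), "dns", "198.51.100.9", ssrf.upper()),    # resolver uppercased it
        Callback(t0 + timedelta(seconds=43), "http", "198.51.100.9", "/" + ssrf.split(".")[0]),
        Callback(t0 + timedelta(hours=3), "dns", "198.51.100.20", xxe),               # far outside the window
        Callback(t0 + timedelta(minutes=2), "http", "192.0.2.4", "/robots.txt"),     # scanner noise
    ]
    rows = c.correlate(log)
    return {t: c.verdict(t, rows) for t in ("ssrf-url-param", "xxe-upload", "blind-xss-name")}


if __name__ == "__main__":
    print(demo())
```

The control probe for the SSRF test places its token where the server should never fetch it; if that control token had shown up in the log, the positive hit would be downgraded to `inconclusive` because something (a proxy, a scanner, a link unfurler) is resolving everything it sees rather than the injected URL specifically.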