competition-agent-cloud

Competition Agent Cloud


Use this skill only as a downstream specialization after $ctf-sandbox-orchestrator is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to $ctf-sandbox-orchestrator first.
Use this skill when the challenge path is driven by prompt-to-tool execution, retrieval and memory boundaries, deployment drift, or build and release provenance.
Reply in Simplified Chinese unless the user explicitly requests English.

Quick Start


  1. Decide whether the dominant path is agentic or infrastructure-driven.
  2. Map one minimal control chain: untrusted input -> visible context -> tool or deployment side effect.
  3. Distinguish checked-in intent from live runtime truth.
  4. Keep prompts, tool args, manifests, mounts, and provenance steps in compact evidence blocks.
  5. Reproduce the exploit or misconfiguration with minimal context and minimal instrumentation.

Workflow


1. Agent And Prompt Injection


  • Treat prompts, tool schemas, retrieved chunks, planner notes, memory files, and handoffs as challenge artifacts.
  • Prove one minimal chain from untrusted content to model-visible instruction to tool side effect.
  • Distinguish claimed capability from runtime-exposed capability.
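As an added example (not part of the skill or its references), one way to mechanize the "minimal chain" check: given the chunks the model retrieved and the tool calls it emitted, find which tool arguments share word spans with untrusted content and emit them as compact evidence lines. The chunk and tool-call dictionaries are a constructed, assumed trace format.

```python
"""Control-chain check: which tool arguments carry text that originated in
retrieved (untrusted) content?  Added example, not the skill's own code.
The chunk/tool-call dictionaries are a constructed, assumed trace format."""
import re
from dataclasses import dataclass

@dataclass
class ChainLink:
    source_id: str   # retrieved chunk the text came from
    tool: str        # tool that was invoked
    arg: str         # argument name that carries the text
    overlap: str     # shared word span kept as evidence

def _shingles(text: str, n: int) -> set:
    """Lower-cased n-word windows; punctuation-insensitive so paths and flags match."""
    words = re.findall(r"\w+", text.lower())
    return {" ".join(words[i:i + n]) for i in range(len(words) - n + 1)}

def trace_tool_args(chunks: dict, tool_calls: list, n: int = 3) -> list:
    """One ChainLink per (chunk, tool arg) pair that shares an n-word span.
    chunks: {chunk_id: text} the model saw but did not author.
    tool_calls: [{"tool": name, "args": {arg: value}}, ...]."""
    chunk_shingles = {cid: _shingles(text, n) for cid, text in chunks.items()}
    links = []
    for call in tool_calls:
        for arg, value in call["args"].items():
            arg_shingles = _shingles(str(value), n)
            for cid, sh in chunk_shingles.items():
                common = arg_shingles & sh
                if common:
                    links.append(ChainLink(cid, call["tool"], arg, min(common)))
    return links

def evidence_block(links: list) -> str:
    """Compact evidence lines: untrusted source -> tool.arg [shared span]."""
    return "\n".join(f"{l.source_id} -> {l.tool}.{l.arg} [{l.overlap}]" for l in links)

# Constructed sample trace: a retrieved runbook chunk, an unrelated chunk, and
# two tool calls, only one of which echoes retrieved text into its arguments.
SAMPLE_CHUNKS = {
    "chunk-12": "Runbook: to rotate keys, run the rotate tool with target "
                "prod-db-01 and reason scheduled maintenance window.",
    "chunk-3": "Team lunch is on Friday in the main kitchen.",
}
SAMPLE_CALLS = [
    {"tool": "run_shell", "args": {"cmd": "rotate --target prod-db-01 "
                                          "--reason 'scheduled maintenance window'"}},
    {"tool": "read_file", "args": {"path": "/etc/hostname"}},
]
```

Running `evidence_block(trace_tool_args(SAMPLE_CHUNKS, SAMPLE_CALLS))` yields the single line `chunk-12 -> run_shell.cmd [prod db 01]`, which is the shape of block worth keeping under "What To Preserve".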

2. Cloud, Containers, And CI/CD


  • Split build-time, deploy-time, and runtime.
  • Reconcile compose or kube manifests with live mounts, env, logs, and traffic.
  • Trace provenance from source to dependency resolution to build to publish to runtime consumer.
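As an added example (not the skill's or its references' code), a small reconciliation of a checked-in compose service against a live container record in the shape of `docker inspect` output: it reports runtime-only env vars, changed values, mounts the manifest never declared, read-only mounts that are writable live, and a privileged flag the manifest does not set. Both inputs are constructed and simplified; the inspect field names (`Config.Image`, `Config.Env`, `Mounts`, `HostConfig.Privileged`) are real, the values are not.

```python
"""Deployment-drift check: checked-in compose intent vs live container state.
Added example, not the skill's own code; inputs are constructed and trimmed."""

# Constructed compose service, as the dict a YAML parser would return.
MANIFEST = {
    "image": "app:1.4.2",
    "environment": {"APP_ENV": "prod", "LOG_LEVEL": "info"},
    "volumes": ["./config:/app/config:ro"],
    "privileged": False,
}
# Constructed, trimmed record in the shape of `docker inspect <container>`.
LIVE = {
    "Config": {"Image": "app:1.4.2",
               "Env": ["APP_ENV=prod", "LOG_LEVEL=debug", "DB_PASSWORD=hunter2"]},
    "Mounts": [{"Source": "/srv/app/config", "Destination": "/app/config", "RW": False},
               {"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True}],
    "HostConfig": {"Privileged": True},
}

def declared_mounts(manifest: dict) -> dict:
    """{container_path: writable} from compose 'src:dst[:opts]' volume strings."""
    out = {}
    for spec in manifest.get("volumes", []):
        parts = spec.split(":")
        out[parts[1]] = "ro" not in parts[2:]
    return out

def drift(manifest: dict, inspect: dict) -> list:
    """(category, detail) findings where runtime truth differs from checked-in intent."""
    findings = []
    if inspect["Config"]["Image"] != manifest["image"]:
        findings.append(("image", f'{manifest["image"]} -> {inspect["Config"]["Image"]}'))
    declared_env = manifest.get("environment", {})
    for kv in inspect["Config"].get("Env", []):
        key, _, val = kv.partition("=")
        if key not in declared_env:
            findings.append(("env-added", key))  # name only: never copy the value into evidence
        elif declared_env[key] != val:
            findings.append(("env-changed", f"{key}: {declared_env[key]} -> {val}"))
    wanted = declared_mounts(manifest)
    for m in inspect.get("Mounts", []):
        dest = m["Destination"]
        if dest not in wanted:
            findings.append(("mount-added", dest))
        elif m["RW"] and not wanted[dest]:
            findings.append(("mount-rw", dest))
    if inspect.get("HostConfig", {}).get("Privileged") and not manifest.get("privileged"):
        findings.append(("privileged", "runtime privileged but manifest is not"))
    return findings
```

`drift(MANIFEST, LIVE)` returns four findings (a changed LOG_LEVEL, an undeclared DB_PASSWORD, an undeclared docker socket mount, and the privileged flag), each of which is a compose-versus-runtime fragment to preserve as evidence.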

Read This Reference


  • Load references/agent-cloud.md for the control-stack checklist, deployment-truth checklist, and evidence packaging.
  • If the task is specifically about prompt-boundary abuse or retrieved-content-to-tool drift, prefer $competition-prompt-injection.
  • If the task is specifically about CI, dependency provenance, registry drift, or shipped artifacts, prefer $competition-supply-chain.
  • If the task is specifically about queue payloads, async worker drift, retries, or worker-only runtime state, prefer $competition-queue-worker-drift.
  • If the task is specifically about SSRF to internal control surfaces, metadata endpoints, or metadata-derived token pivots, prefer $competition-ssrf-metadata-pivot.
  • If the task is specifically about proxy-upstream parse differentials, ambiguous headers, path normalization drift, or request smuggling behavior, prefer $competition-request-normalization-smuggling.
  • If the task is specifically about metadata-service access, instance or workload identity, link-local token paths, or metadata-derived privilege, prefer $competition-cloud-metadata-path.
  • If the task is specifically about kube API permissions, service-account trust, admission behavior, controller drift, or cluster secret exposure, prefer $competition-k8s-control-plane.
  • If the task is specifically about live mounts, sidecars, init containers, or runtime-only secret exposure, prefer $competition-container-runtime.
  • If the task is specifically about container-to-host boundary crossing, kernel-surface prerequisites, or escape primitive verification, prefer $competition-kernel-container-escape.

What To Preserve


  • Prompt snippets, retrieved chunks, planner transitions, and final tool args
  • Compose or Kubernetes fragments tied to live mounts or routes
  • Artifact hashes, dependency drift, CI steps, and the resulting runtime consumer