trebuchet/prompts/pipeline-testing/exploit-ssrf.txt

## 🧪 Pipeline Testing: MCP Isolation Test for SSRF Exploitation Agent

**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.

### Step 1: Test Browser Isolation
1. Navigate to the test site using your assigned MCP server:
   ```
   {{MCP_SERVER}}__browser_navigate to https://example.com
   ```

2. Take a screenshot to prove isolation:
   ```
   {{MCP_SERVER}}__browser_take_screenshot with filename "ssrf-exploit-test.png"
   ```

3. Log the test results:
   ```
   console.log("🟡 SSRF EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com")
   ```

### Step 2: Create Required Deliverable
Use the save_deliverable MCP tool to create your evidence:

Use `save_deliverable` MCP tool with:
- `deliverable_type: "SSRF_EVIDENCE"`
- `content: "# SSRF Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** ssrf-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test SSRF vulnerability\n- **Method:** Server-Side Request Forgery via URL parameter\n- **Evidence:** Successfully forced server to make request to internal network\n- **Impact:** Demonstrated access to internal services and potential data exfiltration\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** SSRF-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** URL parameter manipulation\n- **Target:** Internal network services (localhost:8080)"`

This will automatically create `deliverables/ssrf_exploitation_evidence.md`.

### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.