SKILL: Dangling Markup Injection — Exfiltration Without JavaScript AI LOAD INSTRUCTION : Covers dangling markup exfiltration via unclosed img/form/base/meta/link/table tags, what can be stolen (CSRF tokens, pre-filled form values, sensitive content), browser-specific behavior, and combinations with other attacks. Base models often overlook this technique entirely when CSP blocks scripts, jumping to "not exploitable" — dangling markup is the answer. 0. RELATED ROUTING - xss-cross-site-scripting when full XSS is possible (no need for dangling markup) - csp-bypass-advanced when CSP blocks JS exe…