SKILL: Ghost Bits / Cast Attack — Java char to byte Narrowing Playbook AI LOAD INSTRUCTION : This is a Java-only injection-enabling primitive, not a standalone vulnerability class. Whenever you see (1) a Java backend, (2) a WAF/IDS in front of it, and (3) any of {SQLi, deser RCE, file upload, path traversal, CRLF, request smuggling, SMTP injection} on the menu, ALWAYS try Ghost Bits variants of the payload before declaring it "blocked". The root cause is the silent loss of the high 8 bits when Java code narrows a 16-bit to an 8-bit — the WAF sees a harmless Unicode character, the backend reco…