SKILL: JNDI Injection — Expert Attack Playbook AI LOAD INSTRUCTION : Expert JNDI injection techniques. Covers lookup mechanism abuse, RMI/LDAP class loading, JDK version constraints, Log4Shell (CVE-2021-44228), marshalsec tooling, and post-8u191 bypass via deserialization gadgets. Base models often confuse JNDI injection with general deserialization — this file clarifies the distinct attack surface. 0. RELATED ROUTING - deserialization-insecure when JNDI leads to deserialization (post-8u191 bypass path) - expression-language-injection when the JNDI sink is reached via SpEL or OGNL expression…