Does it provide remediation advice?

Beyond exploitation, the skill offers detailed remediation recommendations, including specific output encoding techniques and Content Security Policy configurations.

Is this skill suitable for automated security scanning?

While it provides the payloads and logic, it is best used as a guided manual assessment tool within Claude Code to investigate specific application logic that automated scanners might miss.

What are the prerequisites for using this skill?

Users should have authorized access to the target application, basic knowledge of the DOM and JavaScript, and tools like Burp Suite or browser developer tools for analysis.

Can this skill help bypass Content Security Policies (CSP)?

Yes, it includes specific techniques for identifying CSP weaknesses and utilizing payloads designed to bypass common filter configurations.

What types of XSS vulnerabilities does this skill cover?

The skill provides comprehensive techniques for detecting and exploiting Stored, Reflected, and DOM-based XSS vulnerabilities, as well as various forms of HTML injection.

XSS and HTML Injection Testing

Name: XSS and HTML Injection Testing
Author: claudiodearaujo

byclaudiodearaujo

•

セキュリティとテスト

Conducts systematic security audits to identify and exploit Cross-Site Scripting and HTML injection vulnerabilities in web applications.

This skill empowers developers and security researchers to perform comprehensive client-side injection assessments within the Claude Code environment. It covers the full lifecycle of vulnerability management, from identifying reflection points and determining XSS types—including Stored, Reflected, and DOM-based—to crafting advanced payloads and testing filter bypasses. By providing systematic workflows for session hijacking demonstrations and credential theft proof-of-concepts, it helps teams validate input sanitization, output encoding, and strengthen Content Security Policies (CSP) against real-world attack vectors.

主な機能

01Remediation guidance including CSP configuration and sanitization best practices

02Comprehensive workflows for Stored, Reflected, and DOM-based XSS detection

03Advanced filter bypass techniques using encoding and JavaScript obfuscation

04Automated identification of input reflection points across web forms and headers

05Templates for session hijacking and phishing proof-of-concept demonstrations

061 GitHub stars

ユースケース

01Demonstrating the security impact of unencoded user input to stakeholders

02Performing penetration tests on web application input fields and API endpoints

03Validating the effectiveness of web application firewalls and security headers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro xss-html-injection

For use in Claude.ai and ChatGPT

Download Skill