Can I control the volume and complexity of the generated tests?

Yes, use the --depth flag to choose between quick boundary checks, standard context-aware inputs, and expert-level adversarial payloads.

Does this skill perform actual penetration testing?

No, it generates the test inputs and payloads. You must integrate these into your own test harness or execute them to verify application behavior.

What formats are supported for the generated test cases?

The skill defaults to structured JSON for easy integration with automated tools, but can also output human-readable text for manual review.

What types of vulnerabilities does the Fuzz skill target?

It generates payloads for SQL injection, XSS, command injection, path traversal, SSRF, XXE, and more, based on how your code handles input downstream.

How does it know which inputs to test?

It performs static analysis on your codebase to find API handlers, file parsers, and database queries, identifying the specific data types and constraints expected.

Fuzz Test Generation

Name: Fuzz Test Generation
Author: florianbuetow

byflorianbuetow

•

Security & Testing

Generates intelligent, context-aware fuzz test inputs and security test cases by analyzing application input parsers and data handlers.

The Fuzz skill empowers developers to proactively secure their applications by generating sophisticated test inputs tailored to their specific code logic. By analyzing API endpoints, file parsers, and database query builders, it identifies potential vulnerabilities like SQL injection, XSS, and path traversal. It produces a structured set of boundary values, type confusion inputs, and encoding edge cases in JSON format, ready to be integrated into existing test harnesses for robust security validation and automated regression testing.

Key Features

01Configurable testing depths from quick checks to expert adversarial inputs

02Structured JSON output ready for integration with test harnesses

03Automated identification of input handlers and parsers in source code

04Generation of context-aware injection payloads for SQL, Shell, and XSS

056 GitHub stars

06Detection of boundary value and type confusion edge cases

Use Cases

01Generating security test cases for new API endpoints and backend services

02Automating edge-case input creation for complex file and message parsers

03Bypassing custom validation logic with adversarial encoding and mutation attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code fuzz

For use in Claude.ai and ChatGPT

Download Skill