This skill should be used when the user asks to "test for XSS vulnerabilities", "perform cross-site scripting attacks", "identify HTML injection flaws", "exploit client-side injection vulnerabilities", "steal cookies via XSS", or "bypass content security policies". It provides comprehensive techniques for detecting, exploiting, and understanding XSS and HTML injection attack vectors in web applications.
Rating: 8.1
Installs: 0
Category: Security
This is a comprehensive and well-structured XSS/HTML injection testing skill with excellent task knowledge. The description clearly covers when to invoke the skill with specific trigger phrases. The content provides extensive payloads, techniques, bypass methods, and practical examples that would be difficult for a CLI agent to generate from scratch. The structure is logical with clear phases, quick reference tables, and troubleshooting guidance. The skill demonstrates strong technical depth across stored, reflected, and DOM-based XSS variants, plus filter bypass techniques and CSP evasion. Novelty is moderate as XSS testing is a well-established domain, but the comprehensive payload collection, bypass techniques, and structured workflow do provide meaningful value over ad-hoc CLI attempts. Minor improvement areas: the SKILL.md is somewhat lengthy and could potentially benefit from splitting advanced bypass techniques into separate reference files, though the current single-file approach remains manageable and well-organized with clear sections.