Repository inventory

jcastillotx/vibe-skeleton-app

Skills indexed from this repository, with install-style signals scoped to the repo.
8 skills0 GitHub stars0 weekly installsJavaScriptGitHubOwner profile

Overview

This skill describes a structured approach for assessing client-side injection risks like cross-site scripting (XSS) and HTML injection in web applications. It focuses on safe detection, classification, and remediation guidance rather than providing exploit recipes. Use it to evaluate input handling, output encoding, and client-side code that may introduce injection flaws.

How this skill works

The skill guides a tester through discovery, confirmation, and reporting phases: identify where user input is reflected or stored, determine whether issues are server-side, reflected, or DOM-based, and validate findings with controlled, non-destructive checks. It emphasizes use of browser developer tools, request inspection, and safe proof-of-concept techniques that avoid exfiltrating real user data.

When to use it

  • During security assessments of web applications with user inputs
  • When validating fixes for XSS or HTML injection reports
  • Before deployment to verify frameworks and templating escape outputs
  • When reviewing client-side JavaScript that processes URL fragments or user-controlled data
  • When assessing Content Security Policy (CSP) and other browser defenses

Best practices

  • Obtain written authorization and define a clear testing scope before any testing
  • Avoid destructive payloads and do not exfiltrate real user data or credentials
  • Prefer non-persistent, observable tests; capture only metadata required for reproduction
  • Use browser consoles, safe captive test accounts, and isolated staging environments where possible
  • Document reproduction steps, affected parameters, and recommended fixes (output encoding, input validation, CSP improvements)

Example use cases

  • Assessment of a comment system or user profile fields for persistent injection risks
  • Review of search and query parameters that reflect input into pages
  • Audit of single-page app code that inserts URL fragments or query values into the DOM
  • Validation of CSP and cookie attributes after a remediation patch
  • Pre-release security checklist for templating and client-side rendering changes

FAQ

Only with explicit written authorization and a narrowly defined scope. Prefer staging environments for intrusive checks.

How should findings be reported?

Provide clear reproduction steps, the affected parameter/location, the XSS type (stored/reflected/DOM), impact assessment, and remediation suggestions like escaping, sanitization, and CSP recommendations.

What mitigations are most effective?

Consistently escape output based on context (HTML, attribute, JS), minimize use of dangerous sinks, enforce CSP, and mark sensitive cookies HttpOnly and Secure.

8 skills

xss-html-injection
Debugging

This skill helps you identify and demonstrate XSS vulnerabilities in web apps, guiding safe testing and remediation with client-side injection techniques.

FrontendScriptingSecurityTesting+1
wordpress-best-practices
Api

This skill helps you apply WordPress best practices across plugins, themes, and blocks to improve security, performance, and reliability.

Code ReviewDatabaseDebuggingPerformance+2
supabase-best-practices
Api

This skill enforces Supabase best practices across security, schema design, authentication, real-time, edge functions, and performance for robust apps.

BackendDatabaseFullstackPerformance+2
laravel-best-practices
Api

This skill enforces Laravel best practices to optimize security, Eloquent, performance, API design, and testing across applications.

BackendPerformanceSecurityTesting+1
javascript-best-practices
Code Review

This skill helps you write and review JavaScript code by applying best-practice guidelines across performance, async patterns, security, and modern features.

DebuggingPerformanceSecurityJavascript
orchestrate
Automation

This skill guides you through a 12-phase development lifecycle, validating quality gates and advancing or navigating phases to ensure project readiness.

Ci CdMonitoringPlanningProduct+2
windows-privilege-escalation
Debugging

This skill guides systematic Windows privilege escalation, helping you enumerate defenses, harvest credentials, and obtain elevated access during authorized

DevopsScriptingSecurityJavascript
php-best-practices
Backend

This skill helps you write, review, and refactor PHP code by applying security, performance, and PSR-aligned best practices.

Code ReviewPerformanceRefactorSecurity+1
More from this maintainer
Other repositories and skills published under the same GitHub owner.
Skills library
Jump back to the full directory or explore grouped topics.
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational