common-appsec-patterns_skill

This skill coordinates specialized agents to identify and validate XSS, injection, CSRF, and other web vulnerabilities across modern apps.
  • Python

42

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill transilienceai/communitytools --skill common-appsec-patterns

  • SKILL.md6.0 KB

Overview

This skill coordinates specialized testing agents to identify and validate common application security patterns such as XSS, injection flaws, CSRF, and other client-side risks. It orchestrates parallel or targeted subagents to produce repeatable findings, evidence, and actionable remediation guidance. The skill targets modern frameworks, traditional server-rendered apps, APIs, and rich-text platforms to cover OWASP Top 10 scenarios.

How this skill works

The coordinator launches dedicated subagents (for example, xss-tester) with context-aware prompts that perform discovery, payload crafting, and validation across input sinks. It consolidates findings into structured outputs (findings, evidence, reports) and can re-run or escalate specific tests for deeper validation. All exploitation and active testing are delegated to those specialized subagents; the coordinator manages orchestration and reporting.

When to use it

  • Comprehensive application security assessments covering OWASP Top 10 vectors
  • Targeted testing of client-side vulnerabilities in SPAs (React, Vue, Angular, Svelte)
  • Assessment of rich-text platforms for stored XSS and content sanitization issues
  • Validation of defenses such as CSP, Trusted Types, and sanitizers
  • Bug bounty triage and automated parallelization of repetitive test cases

Best practices

  • Start with non-executable markers and confirm input reflection before escalating payloads
  • Run tests across multiple browsers and rendering contexts to catch DOM-specific issues
  • Validate both client- and server-side protections, including CSP and sanitizer configuration
  • Document exact vulnerable code paths and provide concrete remediation patterns
  • Re-run focused agents to validate fixes and to obtain reproducible evidence

Example use cases

  • Launch a comprehensive XSS assessment across an entire web app to enumerate reflected, stored, and DOM-based vectors
  • Run targeted framework-focused tests on a React SPA to inspect dangerouslySetInnerHTML and DOM sinks
  • Validate CSP and Trusted Types enforcement after deploying new content-security headers
  • Scan a user-generated content platform for stored XSS in comments, profiles, and rich-text editors
  • Orchestrate parallel testing for multiple endpoints during a bug bounty triage

FAQ

Client-side testing is available via the xss-tester agent; additional agents for CSP, HTML injection, and framework-specific checks are planned.

How are findings delivered?

Findings are consolidated into structured outputs: JSON/MD reports, evidence artifacts, and exportable raw captures for triage and disclosure.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
common-appsec-patterns skill by transilienceai/communitytools | VeilStrat