PluginBench
Skill
Fail
Audit score 45

injection-checking

yaklang/hack-skills

How to install injection-checking

npx skills add https://github.com/yaklang/hack-skills --skill injection-checking
Claude Code
Cursor
Windsurf
Cline
Full instructions (SKILL.md)

Source of truth, from yaklang/hack-skills.


name: injection-checking description: >- Entry P1 category router for injection testing. Use when routing between XSS, SQLi, SSRF, XXE, SSTI, command injection, and NoSQL injection workflows based on how attacker-controlled input is consumed.

Injection Testing Router

This is the routing entry point when input reaches a dangerous interpreter or execution environment.

After confirming this is an injection-class issue, use it to decide whether it is mainly browser context, database, template engine, server-side requests, XML parsing, or system commands.

When to Use

  • Input reaches HTML, JS, SQL, templates, URL fetchers, XML parsers, or shell
  • You have not yet decided whether to start with XSS, SQLi, SSRF, XXE, SSTI, CMDi, or NoSQL
  • You need to choose the correct deep-topic skill based on input flow

Skill Map

Recommended Flow

  1. First identify the final sink of the input
  2. Then choose the topic skill that best matches that interpreter
  3. Small payload samples and quick triage are merged into each main skill; no extra payload router is needed

Related Categories