Summary
This is a security testing skill for finding XSS and HTML injection vulnerabilities in web applications. It covers all three major attack vectors: stored, reflected, and DOM-based XSS. You'll need Burp Suite or browser dev tools, test accounts, and a solid understanding of JavaScript execution contexts and DOM manipulation. The skill walks you through systematic injection testing, session hijacking demonstrations, and validating whether input sanitization actually works. Originally from sickn33/antigravity-awesome-skills, now maintained in davila7's template collection. Useful if you're doing penetration testing or security assessments, though the Snyk audit failed while other security checks passed, so review the code before running it against production systems.
Install to Claude Code
npx -y skills add davila7/claude-code-templates --skill "Cross-Site Scripting and HTML Injection Testing" --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
