Skip to main content
Run any Skill in Manus
with one click

crlf-and-header-injection

Stars2
Forks1
UpdatedJuly 9, 2026 at 12:42

SAST detection methodology for CRLF and header injection (CWE-93, CWE-113, CWE-117), including HTTP response splitting, Location/Set-Cookie header injection, log forging, SMTP/email (BCC) header injection, and Host header injection. Use when reviewing code that writes user input into HTTP headers, redirects, log lines, or email envelopes. Writes confirmed findings to findings/08-crlf-and-header-injection.md.

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

SKILL.md
readonly