Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

$pwd:

sast-injection-testing

Name: Sast Injection Testing
Author: anshumanbh

// Investigate injection vulnerabilities in source code including SQL injection, XSS, and command injection. Use when threat model identifies CWE-89 (SQL Injection), CWE-79 (XSS), CWE-78 (OS Command Injection), or injection concerns.

In Manus ausführen

$ git log --oneline --stat

stars:17

forks:6

updated:18. Dezember 2025 um 18:46

SKILL.md

readonly

name	sast-injection-testing
description	Investigate injection vulnerabilities in source code including SQL injection, XSS, and command injection. Use when threat model identifies CWE-89 (SQL Injection), CWE-79 (XSS), CWE-78 (OS Command Injection), or injection concerns.
allowed-tools	Read, Grep, Glob

SAST Injection Testing Skill

Purpose

Investigate injection vulnerabilities by tracing:

User input sources (requests, forms, files)
Data flow from input to dangerous sinks
Sanitization/validation along the path
Dangerous function calls with user data

Vulnerability Types Covered

1. SQL Injection (CWE-89)

User input directly inserted into SQL queries.

Dangerous Patterns:

# String formatting in queries
query = f"SELECT * FROM users WHERE id = {user_id}"
cursor.execute("SELECT * FROM users WHERE name = '%s'" % name)

# String concatenation
sql = "SELECT * FROM users WHERE id = " + request.args.get('id')

Safe Patterns:

# Parameterized queries
cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
User.query.filter_by(id=user_id).first()

2. Cross-Site Scripting - XSS (CWE-79)

User input rendered in HTML without escaping.

Dangerous Patterns:

# Direct rendering without escaping
return f"<div>{user_input}</div>"
render_template_string(f"Hello {name}")

# Using |safe filter incorrectly
{{ user_input|safe }}

Safe Patterns:

# Template auto-escaping
render_template('page.html', name=name)
{{ user_input }}  # Auto-escaped by default
escape(user_input)

3. Command Injection (CWE-78)

User input passed to shell commands.

Dangerous Patterns:

# Direct shell execution
os.system(f"ping {host}")
subprocess.call(f"convert {filename}", shell=True)
os.popen(f"cat {file}")

Safe Patterns:

# Using arrays (no shell)
subprocess.run(["ping", host], shell=False)
# Input validation
if not re.match(r'^[\w.-]+$', host):
    raise ValueError("Invalid host")

4. Path Traversal (CWE-22)

User input used to construct file paths.

Dangerous Patterns:

open(f"/uploads/{filename}")
os.path.join(base_dir, user_path)  # Without validation

Investigation Methodology

Step 1: Find Input Sources

Search for user input entry points:

Patterns: request.args, request.form, request.json
          request.get, request.data, request.files
          @app.route, def handle_

Step 2: Trace to Dangerous Sinks

Find dangerous functions receiving input:

SQL: execute(, raw(, cursor., .query(
XSS: render_template_string, Markup(, |safe
CMD: os.system, subprocess., os.popen, eval(
Path: open(, os.path.join, read_file

Step 3: Check Sanitization

Look for validation/sanitization:

Patterns: escape(, sanitize(, validate(
          bleach., html.escape, quote(
          parameterized, prepared

Step 4: Verify Data Flow

Trace the complete path:

Where does user input enter?
Is it validated/sanitized?
Does it reach a dangerous sink?

Step 5: Cross-Reference with Org

Use github_org_code_search to find:

Similar patterns in other services
Shared validation libraries
Common injection points

Classification Criteria

TRUE_POSITIVE:

User input reaches dangerous sink without sanitization
Parameterization is not used for SQL
Command constructed with user input

FALSE_POSITIVE:

Proper parameterization/escaping exists
Input is validated before use
Dangerous function not reachable with user data

UNVALIDATED:

Sanitization happens in external library
Complex data flow spanning multiple files

Output Format

### Verdict
- **verdict**: TRUE_POSITIVE or FALSE_POSITIVE
- **confidence_score**: 1-10
- **risk_level**: LOW, MEDIUM, HIGH, or CRITICAL

### Evidence
- **Location**: file:line
- **Injection Type**: SQL/XSS/Command/Path
- **Data Flow**: source → sink
- **Code**: Relevant code snippet

### Proof of Concept
Example malicious input that would exploit this:

[Payload example]


### Recommendations
- [Specific fix with code example]

CWE Mapping

CWE-89: SQL Injection
CWE-79: Cross-site Scripting (XSS)
CWE-78: OS Command Injection
CWE-22: Path Traversal
CWE-94: Code Injection

Safety Rules

Only analyze code in the repository provided
Do not attempt to exploit or test against live systems
Redact any sensitive data from evidence

related-skills.json

gleiches Repository

sast-authentication-testing.md

from "anshumanbh/vulnvibes"

Investigate authentication vulnerabilities in source code including missing authentication, weak authentication, and session management issues. Use when threat model identifies CWE-287 (Improper Authentication), CWE-384 (Session Fixation), CWE-306 (Missing Authentication), or authentication concerns.

2025-12-1817

sast-authorization-testing.md

from "anshumanbh/vulnvibes"

Investigate authorization vulnerabilities in source code including IDOR, privilege escalation, and missing access controls. Use when threat model identifies CWE-639 (IDOR), CWE-862 (Missing Authorization), CWE-863 (Incorrect Authorization), CWE-269 (Privilege Escalation), or access control concerns.

2025-12-1817

sast-browser-security-testing.md

from "anshumanbh/vulnvibes"

Investigate browser security vulnerabilities including CORS misconfiguration, CSRF, clickjacking, and cookie security. Use when threat model identifies CWE-346 (Origin Validation), CWE-942 (Permissive CORS), CWE-352 (CSRF), CWE-1021 (Clickjacking), or browser security concerns.

2025-12-1817

sast-cryptography-testing.md

from "anshumanbh/vulnvibes"

Investigate cryptographic vulnerabilities in source code including weak algorithms, hardcoded secrets, and improper key management. Use when threat model identifies CWE-327 (Use of Broken Crypto), CWE-798 (Hardcoded Credentials), CWE-326 (Inadequate Encryption), or cryptography concerns.

2025-12-1817

sast-data-exposure-testing.md

from "anshumanbh/vulnvibes"

Investigate data exposure vulnerabilities in source code including PII leakage, sensitive data logging, and information disclosure. Use when threat model identifies CWE-200 (Information Exposure), CWE-532 (Sensitive Data in Logs), CWE-359 (Privacy Violation), or data exposure concerns.

2025-12-1817

sast-deserialization-testing.md

from "anshumanbh/vulnvibes"

Investigate insecure deserialization vulnerabilities that can lead to RCE or data manipulation. Use when threat model identifies CWE-502 (Deserialization of Untrusted Data), CWE-915 (Mass Assignment), or object deserialization concerns.

2025-12-1817

package.json

"author": "anshumanbh"

"repository": "anshumanbh/vulnvibes"

GitHub-Repository öffnen Creator-Repositorys ansehen

$ install --global

$ download --local

In Manus ausführen

$ useful --forSOC

InformationssicherheitsanalystenInformatik- und Mathematikberufe15-1212L4

name	sast-injection-testing
description	Investigate injection vulnerabilities in source code including SQL injection, XSS, and command injection. Use when threat model identifies CWE-89 (SQL Injection), CWE-79 (XSS), CWE-78 (OS Command Injection), or injection concerns.
allowed-tools	Read, Grep, Glob

SAST Injection Testing Skill

Purpose

Investigate injection vulnerabilities by tracing:

User input sources (requests, forms, files)
Data flow from input to dangerous sinks
Sanitization/validation along the path
Dangerous function calls with user data

Vulnerability Types Covered

1. SQL Injection (CWE-89)

User input directly inserted into SQL queries.

Dangerous Patterns:

# String formatting in queries
query = f"SELECT * FROM users WHERE id = {user_id}"
cursor.execute("SELECT * FROM users WHERE name = '%s'" % name)

# String concatenation
sql = "SELECT * FROM users WHERE id = " + request.args.get('id')

Safe Patterns:

# Parameterized queries
cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
User.query.filter_by(id=user_id).first()

2. Cross-Site Scripting - XSS (CWE-79)

User input rendered in HTML without escaping.

Dangerous Patterns:

# Direct rendering without escaping
return f"<div>{user_input}</div>"
render_template_string(f"Hello {name}")

# Using |safe filter incorrectly
{{ user_input|safe }}

Safe Patterns:

# Template auto-escaping
render_template('page.html', name=name)
{{ user_input }}  # Auto-escaped by default
escape(user_input)

3. Command Injection (CWE-78)

User input passed to shell commands.

Dangerous Patterns:

# Direct shell execution
os.system(f"ping {host}")
subprocess.call(f"convert {filename}", shell=True)
os.popen(f"cat {file}")

Safe Patterns:

# Using arrays (no shell)
subprocess.run(["ping", host], shell=False)
# Input validation
if not re.match(r'^[\w.-]+$', host):
    raise ValueError("Invalid host")

4. Path Traversal (CWE-22)

User input used to construct file paths.

Dangerous Patterns:

open(f"/uploads/{filename}")
os.path.join(base_dir, user_path)  # Without validation

Investigation Methodology

Step 1: Find Input Sources

Search for user input entry points:

Patterns: request.args, request.form, request.json
          request.get, request.data, request.files
          @app.route, def handle_

Step 2: Trace to Dangerous Sinks

Find dangerous functions receiving input:

SQL: execute(, raw(, cursor., .query(
XSS: render_template_string, Markup(, |safe
CMD: os.system, subprocess., os.popen, eval(
Path: open(, os.path.join, read_file

Step 3: Check Sanitization

Look for validation/sanitization:

Patterns: escape(, sanitize(, validate(
          bleach., html.escape, quote(
          parameterized, prepared

Step 4: Verify Data Flow

Trace the complete path:

Where does user input enter?
Is it validated/sanitized?
Does it reach a dangerous sink?

Step 5: Cross-Reference with Org

Use github_org_code_search to find:

Similar patterns in other services
Shared validation libraries
Common injection points

Classification Criteria

TRUE_POSITIVE:

User input reaches dangerous sink without sanitization
Parameterization is not used for SQL
Command constructed with user input

FALSE_POSITIVE:

Proper parameterization/escaping exists
Input is validated before use
Dangerous function not reachable with user data

UNVALIDATED:

Sanitization happens in external library
Complex data flow spanning multiple files

Output Format

### Verdict
- **verdict**: TRUE_POSITIVE or FALSE_POSITIVE
- **confidence_score**: 1-10
- **risk_level**: LOW, MEDIUM, HIGH, or CRITICAL

### Evidence
- **Location**: file:line
- **Injection Type**: SQL/XSS/Command/Path
- **Data Flow**: source → sink
- **Code**: Relevant code snippet

### Proof of Concept
Example malicious input that would exploit this:

[Payload example]


### Recommendations
- [Specific fix with code example]

CWE Mapping

CWE-89: SQL Injection
CWE-79: Cross-site Scripting (XSS)
CWE-78: OS Command Injection
CWE-22: Path Traversal
CWE-94: Code Injection

Safety Rules

Only analyze code in the repository provided
Do not attempt to exploit or test against live systems
Redact any sensitive data from evidence

sast-injection-testing

SAST Injection Testing Skill

Purpose

Vulnerability Types Covered

1. SQL Injection (CWE-89)

2. Cross-Site Scripting - XSS (CWE-79)

3. Command Injection (CWE-78)

4. Path Traversal (CWE-22)

Investigation Methodology

Step 1: Find Input Sources

Step 2: Trace to Dangerous Sinks

Step 3: Check Sanitization

Step 4: Verify Data Flow

Step 5: Cross-Reference with Org

Classification Criteria

Output Format

CWE Mapping

Safety Rules

Mehr aus diesem Repository

Mehr aus diesem Repository

SAST Injection Testing Skill

Purpose

Vulnerability Types Covered

1. SQL Injection (CWE-89)

2. Cross-Site Scripting - XSS (CWE-79)

3. Command Injection (CWE-78)

4. Path Traversal (CWE-22)

Investigation Methodology

Step 1: Find Input Sources

Step 2: Trace to Dangerous Sinks

Step 3: Check Sanitization

Step 4: Verify Data Flow

Step 5: Cross-Reference with Org

Classification Criteria

Output Format

CWE Mapping

Safety Rules