Skip to main content
Ejecuta cualquier Skill en Manus
con un clic
Repositorio de GitHub

ghsa-skill-builder

ghsa-skill-builder contiene 28 skills recopiladas de yhy0, con cobertura ocupacional por repositorio y páginas de detalle dentro del sitio.

skills recopiladas
28
Stars
74
actualizado
2026-03-14
Forks
11
Cobertura ocupacional
2 categorías ocupacionales · 100% clasificado
explorador de repositorios

Skills en este repositorio

ghsa-skill-builder
Analistas de seguridad de la información

Use when building or updating vulnerability pattern Skills from multiple sources: GitHub Security Advisories (GHSA), HackerOne Hacktivity, or NVD. Triggers on keywords: GHSA, CVE, vulnerability skill, vuln pattern, update skills, security advisory, HackerOne, H1, hacktivity, pentest skill, bug bounty, check for updates.

2026-03-14
ghsa-skill-builder
Analistas de seguridad de la información

Use when building or updating vulnerability pattern Skills from multiple sources: GitHub Security Advisories (GHSA), HackerOne Hacktivity, or NVD. Triggers on keywords: GHSA, CVE, vulnerability skill, vuln pattern, update skills, security advisory, HackerOne, H1, hacktivity, pentest skill, bug bounty, check for updates.

2026-03-14
go-vuln-auth-bypass
Analistas de seguridad de la información

Use when auditing Go code involving authentication flows, RBAC policies, Kubernetes admission webhooks, JWT/OAuth token validation, or privilege escalation in cloud-native infrastructure. Covers CWE-287/863/269/284/285/862. Keywords: authentication bypass, authorization bypass, RBAC, admission webhook, JWT, OAuth, privilege escalation, Rancher, Kyverno, impersonation, namespace isolation, middleware auth

2026-03-14
go-vuln-crypto-tls
Analistas de seguridad de la información

Use when auditing Go code involving TLS configuration, certificate validation, JWT token parsing, SAML assertion verification, webhook signature checking, or cryptographic operations. Covers CWE-295/347/345. Keywords: InsecureSkipVerify, TLS, mTLS, certificate validation, JWT algorithm, SAML signature, cosign, sigstore, hmac.Equal, X.509, webhook HMAC

2026-03-14
go-vuln-dos
Analistas de seguridad de la información

Use when auditing Go code involving goroutine management, channel operations, HTTP request handling, resource allocation, or panic recovery. Covers CWE-400/770/476. Keywords: denial of service, goroutine leak, channel deadlock, panic recover, io.ReadAll, resource exhaustion, OOM, HTTP/2 abuse, protobuf, unbounded allocation, rate limiting

2026-03-14
go-vuln-info-disclosure
Analistas de seguridad de la información

Use when auditing Go code involving logging, error handling, HTTP response data, Kubernetes Secret management, or credential storage. Covers CWE-200/532/522/312/552. Keywords: information disclosure, credential leak, log exposure, Kubernetes Secret, json tag, struct formatting, error message, stack trace, Rancher, Argo CD, sensitive data

2026-03-14
go-vuln-injection
Desarrolladores de software

Use when auditing Go code involving OS command execution, SQL queries, template rendering, or child command invocation. Covers CWE-78/89/77/94/88. Keywords: command injection, SQL injection, exec.Command, os/exec, database/sql, text/template, html/template, argument injection, shell injection, Gogs, Grafana, MCP stdio

2026-03-14
go-vuln-path-traversal
Desarrolladores de software

Use when auditing Go code involving file path operations, archive extraction, symlink handling, container volume mounts, or HTTP file serving. Covers CWE-22/59. Keywords: path traversal, directory traversal, filepath.Join, symlink, archive extraction, zip slip, tar, volume mount, go-git, Helm chart, os.Open, filepath.Clean

2026-03-14
go-vuln-ssrf-requestforgery
Desarrolladores de software

Use when auditing Go code involving HTTP client requests, webhook callbacks, URL handling, HTML template rendering in Go web frameworks, or CSRF protection. Covers CWE-918/352/79. Keywords: SSRF, server-side request forgery, XSS, cross-site scripting, CSRF, http.Get, http.Client, template.HTML, Gin, Echo, Fiber, webhook, Kyverno, DNS rebinding

2026-03-14
pentest-access-control
Analistas de seguridad de la información

Use when performing penetration testing targeting access control and privilege escalation vulnerabilities. Keywords: access control, privilege escalation, RBAC bypass, tenant isolation, vertical escalation, horizontal escalation, missing authorization, SAML bypass

2026-03-14
pentest-auth-bypass
Analistas de seguridad de la información

Use when performing penetration testing targeting authentication bypass vulnerabilities. Keywords: authentication bypass, OTP bypass, 2FA bypass, login bypass, session fixation, default credentials, account takeover, token manipulation

2026-03-14
pentest-business-logic
Analistas de seguridad de la información

Use when performing penetration testing targeting business logic flaws, denial of service, and race condition vulnerabilities. Keywords: business logic, race condition, TOCTOU, denial of service, ReDoS, resource exhaustion, rate limiting bypass, workflow bypass

2026-03-14
pentest-command-injection
Analistas de seguridad de la información

Use when performing penetration testing targeting command injection and remote code execution vulnerabilities. Keywords: command injection, OS command injection, RCE, remote code execution, code injection, shell injection, deserialization, Log4Shell

2026-03-14
pentest-deserialization-xxe
Analistas de seguridad de la información

Use when performing penetration testing targeting deserialization, XXE, and dangerous file upload vulnerabilities. Keywords: deserialization, insecure deserialization, XXE, XML external entities, file upload, unrestricted upload, pickle, Java serialization, gadget chain

2026-03-14
pentest-idor
Analistas de seguridad de la información

Use when performing penetration testing targeting insecure direct object reference vulnerabilities. Keywords: IDOR, broken object level authorization, BOLA, parameter tampering, horizontal privilege escalation, API authorization, UUID guessing

2026-03-14
pentest-info-disclosure
Analistas de seguridad de la información

Use when performing penetration testing targeting information disclosure and sensitive data exposure vulnerabilities. Keywords: information disclosure, sensitive data exposure, credential leak, API key exposure, directory listing, error message leakage, debug info, cleartext storage

2026-03-14
pentest-memory-corruption
Analistas de seguridad de la información

Use when performing penetration testing targeting memory corruption vulnerabilities in native applications. Keywords: buffer overflow, heap overflow, use-after-free, integer overflow, format string, stack overflow, type confusion, out-of-bounds read/write

2026-03-14
pentest-path-traversal
Analistas de seguridad de la información

Use when performing penetration testing targeting path traversal and file inclusion vulnerabilities. Keywords: path traversal, directory traversal, LFI, RFI, file read, file write, dot-dot-slash, null byte, symlink attack, zip slip

2026-03-14
pentest-request-forgery
Analistas de seguridad de la información

Use when performing penetration testing targeting request forgery vulnerabilities including CSRF, HTTP request smuggling, and CRLF injection. Keywords: CSRF, cross-site request forgery, HTTP smuggling, request smuggling, CRLF injection, header injection, clickjacking, desync attack

2026-03-14
pentest-sqli
Analistas de seguridad de la información

Use when performing penetration testing targeting SQL injection vulnerabilities in web applications. Keywords: SQL injection, blind SQLi, union-based, error-based, time-based, second-order injection, ORM injection, parameterized queries bypass

2026-03-14
pentest-ssrf
Analistas de seguridad de la información

Use when performing penetration testing targeting server-side request forgery vulnerabilities. Keywords: SSRF, server-side request forgery, URL parameter manipulation, internal service access, cloud metadata, blind SSRF, DNS rebinding

2026-03-14
pentest-xss
Analistas de seguridad de la información

Use when performing penetration testing targeting cross-site scripting vulnerabilities including stored, reflected, and DOM-based XSS. Keywords: XSS, stored XSS, reflected XSS, DOM XSS, content injection, HTML injection, JavaScript injection, CSP bypass

2026-03-14
vuln-patterns-auth-bypass
Analistas de seguridad de la información

Use when auditing Python code involving authentication flows, permission checks, access control logic, JWT/token validation, decorator-based protection, or SSO/OAuth identity binding. Covers CWE-285/287/863. Keywords: authentication bypass, authorization bypass, access control, permission check, JWT verification, token validation, decorator, middleware auth, privilege escalation, permission_classes, SAML, OpenID

2026-03-14
vuln-patterns-deserialization
Analistas de seguridad de la información

Use when auditing Python code involving pickle/unpickle, yaml.load, torch.load, joblib.load, shelve, marshal, custom JSON object_hook with importlib, or ZeroMQ recv_pyobj. Covers CWE-502. Keywords: deserialization, pickle, unpickle, yaml.load, torch.load, joblib, shelve, marshal, __reduce__, cloudpickle, dill, safetensors, weights_only, picklescan

2026-03-14
vuln-patterns-injection
Analistas de seguridad de la información

Use when auditing Python code involving command execution (subprocess, os.system, os.popen), SQL queries (cursor.execute, sqlalchemy.text, ORM .extra/.raw), eval/exec calls, template rendering (Jinja2, Mako SSTI), or expression evaluation. Covers CWE-77/78/89/94/95/917. Keywords: command injection, SQL injection, code injection, eval, exec, template injection, expression language injection, Hydra instantiate, allow_dangerous_code

2026-03-14
vuln-patterns-path-traversal
Analistas de seguridad de la información

Use when auditing Python code involving file path operations (os.path.join, pathlib), file upload/download, archive extraction (tarfile, zipfile), or file inclusion. Covers CWE-22/23. Keywords: path traversal, directory traversal, zip slip, file upload, file download, extractall, Content-Disposition, secure_filename, session file, symlink, os.path.join absolute path override

2026-03-14
vuln-patterns-ssrf
Analistas de seguridad de la información

Use when auditing Python code involving HTTP client calls (requests, httpx, urllib, aiohttp), webhook endpoints, proxy forwarding, file/model downloads, or SVG/XML external resource loading. Covers CWE-918. Keywords: SSRF, server-side request forgery, requests.get, urllib, httpx, aiohttp, webhook, proxy, redirect, url fetch, file download, gethostbyname, is_private_url, DNS rebinding, cloud metadata

2026-03-14
vuln-patterns-xss
Analistas de seguridad de la información

Use when auditing Python web applications involving HTML rendering, template engines (Jinja2, Mako, Django templates), Markdown parsing, DataFrame-to-HTML conversion, or frontend innerHTML assignments. Covers CWE-79. Keywords: XSS, cross-site scripting, HTML injection, mark_safe, |safe, autoescape, bleach, escape, innerHTML, decode_contents, self.write, to_html, format_html

2026-03-14