メニュー
Scans Markdown (.md) files for malicious code injection including XSS, prompt injection, script injection, obfuscated payloads, and supply chain attack vectors. Use when auditing .md files for security threats or when the user mentions scanning markdown for malicious content.
Turns real agent failures, repeated prompts, team-specific workflows, and durable project lessons into better SDD skills or memory entries. Use when the user asks to create/update/refine skills, extract reusable lessons, improve skill routing, encode team process, or save patterns for future sessions.
Provides the vendored agent-style v0.3.5 prose rule pack as a portable Claude skill. Use when installing, syncing, applying, or auditing SDD Agent-Style support in another project, or when a style-review workflow needs the bundled rules.
Reviews Markdown prose against the pinned agent-style v0.3.5 rules and optionally writes a polished copy beside the source. Use for specs, ADRs, PR bodies, release notes, and technical docs when prose quality or evidence discipline matters.
Provides .NET and ASP.NET Core patterns for REST APIs, Entity Framework, dependency injection, and middleware. Use when working with C# files (*.cs, *.csproj) or when the user mentions .NET, ASP.NET Core, C#, or Entity Framework.
Designs hybrid cloud architectures connecting on-premises infrastructure with public cloud services. Use when designing systems spanning on-prem and cloud, or when the user mentions hybrid cloud or multi-environment architecture.
Provides microservices design patterns for service decomposition, API gateway, circuit breakers, saga orchestration, and inter-service communication. Use when designing or implementing microservices architecture.
| name | markdown-injection-scanner |
| type | workflow |
| description | Scans Markdown (.md) files for malicious code injection including XSS, prompt injection, script injection, obfuscated payloads, and supply chain attack vectors. Use when auditing .md files for security threats or when the user mentions scanning markdown for malicious content. |
| context | fork |
| agent | security-engineer |
| when_to_use | When scanning .md files for injection attacks, prompt injection, embedded malware, or when auditing documentation files for security threats |
| allowed-tools | Read, Glob, Grep, Bash |
| argument-hint | [target directory path] |
| user-invocable | true |
| effort | 3 |
Scans all .md files in a target directory for 18 categories of malicious code injection.
Uses regex pattern matching across the entire file corpus with parallel subagent execution for speed.
/markdown-injection-scanner [target-directory]
If no directory is specified, ask the user to provide one.
Count all .md files in target directory (recursive).
Sample 2-3 files to understand the file structure and content type (design docs, documentation, config, etc.).
Report file count and content type before proceeding.
Execute scans in 3 parallel batches using subagents for speed. Each subagent uses search_files with the target directory path and *.md file pattern.
| # | Category | Regex Pattern | Threat |
|---|---|---|---|
| 1 | Script tags | <script[^>]*> | Embedded JavaScript execution |
| 2 | HTML Event Handlers | (onclick|onerror|onload|onmouseover|onfocus|onblur|onresize|onsubmit|onchange|oninput|onkeydown|onkeyup|onkeypress|ontouchstart|onmouseenter|onmouseleave)\s*= | Inline JS via HTML attributes |
| 3 | JS/VBScript Protocol | (javascript:|vbscript:) | Malicious link protocols |
| 4 | Dynamic Code Execution | (eval\s*\(|Function\s*\(|setTimeout\s*\(|setInterval\s*\() | Code execution via eval/setTimeout |
| 5 | DOM Manipulation | (document\.(cookie|domain|write)|window\.(location|open)|XMLHttpRequest|fetch\s*\() | DOM-based attacks |
| # | Category | Regex Pattern | Threat |
|---|---|---|---|
| 6 | Base64 Payloads | (base64|atob|btoa|b64decode|b64encode)[\s(] | Encoded malicious content |
| 7 | Data URI Injection | data:\s*(text/html|application/javascript|text/javascript) | Inline HTML/JS via data URIs |
| 8 | SVG Injection | <svg[^>]*> | SVG-based XSS vectors |
| 9 | Hex/Unicode Encoding | (\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}|&#x[0-9a-fA-F]+;) | Obfuscated character encoding |
| 10 | Hidden Text — display:none | <(span|div|p)[^>]*style\s*=\s*['"][^'"]*display\s*:\s*none | Hidden content tricks |
| 11 | Hidden Text — font-size:0 | font-size\s*:\s*0 | Invisible text |
| # | Category | Regex Pattern | Threat |
|---|---|---|---|
| 12 | HTML Tag Injection | <(iframe|embed|object|link|meta|form|input|textarea|button)[\s>] | Injected HTML elements |
| 13 | Suspicious Markdown Links | \[.*?\]\(data: then \[.*?\]\(javascript: then \[.*?\]\(vbscript: | Malicious link targets |
| 14 | Prompt Injection (NL) | (?i)(ignore\s+(all\s+)?previous\s+instructions|you\s+are\s+now|forget\s+(all\s+)?previous|system\s*:\s*you\s+are|disregard\s+(all\s+)?prior|override\s+(all\s+)?instructions|new\s+instructions?:|IMPORTANT:.*ignore|do\s+not\s+follow) | AI/LLM prompt hijacking |
| 15 | Prompt Injection (Token) | (?i)(\[INST\]|\[\/INST\]|<|im_start|>|<|im_end|>|<|system|>|<|user|>|<|assistant|>|Human:|Assistant:|###\s*System\s*Prompt|BEGIN\s+HIDDEN|END\s+HIDDEN) | LLM token format injection |
| 16 | Shell Command Injection | (curl\s+|wget\s+|bash\s+-c|sh\s+-c|powershell|cmd\.exe|/bin/sh|/bin/bash|rm\s+-rf|chmod\s+777|sudo\s+) | Shell command execution |
| 17 | Executable File Links | (https?://[^\s)>\]]*\.(exe|bat|cmd|ps1|sh|msi|dll|vbs|wsf|hta|scr)) | Links to malicious executables |
| 18 | Malware Keywords | (?i)(steganograph|obfusc|malware|payload|exploit|backdoor|trojan|keylog|ransom|phish) | Direct malware references |
Use 3 subagents via use_subagents, each with prompts corresponding to their batch patterns above. Replace [TARGET_DIR] with the actual target directory.
Subagent 1 — Script and Code Injection:
Search for script and code injection patterns in .md files in "[TARGET_DIR]". Use search_files with these regex patterns on *.md files, one at a time:
1. `<script[^>]*>`
2. `(onclick|onerror|onload|onmouseover|onfocus|onblur|onresize|onsubmit|onchange|oninput|onkeydown|onkeyup|onkeypress|ontouchstart|onmouseenter|onmouseleave)\s*=`
3. `(javascript:|vbscript:)`
4. `(eval\s*\(|Function\s*\(|setTimeout\s*\(|setInterval\s*\()`
5. `(document\.(cookie|domain|write)|window\.(location|open)|XMLHttpRequest|fetch\s*\()`
Report all findings per pattern.
Subagent 2 — Obfuscation and Encoding:
Search for obfuscation and encoding patterns in .md files in "[TARGET_DIR]". Use search_files with these regex patterns on *.md files, one at a time:
1. `(base64|atob|btoa|b64decode|b64encode)[\s(]`
2. `data:\s*(text/html|application/javascript|text/javascript)`
3. `<svg[^>]*>`
4. `(\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}|&#x[0-9a-fA-F]+;)`
5. `<(span|div|p)[^>]*style\s*=\s*['"][^'"]*display\s*:\s*none`
6. `font-size\s*:\s*0`
Report all findings per pattern.
Subagent 3 — Injection Vectors:
Search for injection vectors in .md files in "[TARGET_DIR]". Use search_files with these regex patterns on *.md files, one at a time:
1. `<(iframe|embed|object|link|meta|form|input|textarea|button)[\s>]`
2. `\[.*?\]\(data:` then `\[.*?\]\(javascript:` then `\[.*?\]\(vbscript:`
3. `(?i)(ignore\s+(all\s+)?previous\s+instructions|you\s+are\s+now|forget\s+(all\s+)?previous|system\s*:\s*you\s+are|disregard\s+(all\s+)?prior|override\s+(all\s+)?instructions|new\s+instructions?:|IMPORTANT:.*ignore|do\s+not\s+follow)`
4. `(?i)(\[INST\]|\[\/INST\]|<\|im_start\|>|<\|im_end\|>|<\|system\|>|<\|user\|>|<\|assistant\|>|Human:|Assistant:|###\s*System\s*Prompt|BEGIN\s+HIDDEN|END\s+HIDDEN)`
5. `(curl\s+|wget\s+|bash\s+-c|sh\s+-c|powershell|cmd\.exe|/bin/sh|/bin/bash|rm\s+-rf|chmod\s+777|sudo\s+)`
6. `(https?://[^\s)>\]]*\.(exe|bat|cmd|ps1|sh|msi|dll|vbs|wsf|hta|scr))`
7. `(?i)(steganograph|obfusc|malware|payload|exploit|backdoor|trojan|keylog|ransom|phish)`
Report all findings per pattern.
If any patterns matched in Phase 2, read the flagged files to:
If zero patterns matched, skip to Phase 4.
# Markdown Injection Scan Report — [TARGET_DIR]
## Summary
- **Files scanned:** [count]
- **Patterns checked:** 18
- **Threats found:** [count]
- **Verdict:** CLEAN | LOW RISK | MEDIUM RISK | HIGH RISK
## Results Matrix
| # | Category | Pattern | Matches | Severity |
|---|----------|---------|---------|----------|
| 1 | Script tags | <script> | 0 | — |
| ... | ... | ... | ... | ... |
## Detailed Findings (if any)
| Severity | Category | File:Line | Content | Remediation |
|----------|----------|-----------|---------|-------------|
| P0/P1/P2/P3 | ... | ... | ... | ... |
## Sample File Review
- Files reviewed: [list]
- Structure: [description]
- Suspicious content: [none / details]
Ask user permission before saving:
"May I write the report to
docs/security/markdown-injection-scan-{YYYY-MM-DD}.md?"
security-audit — comprehensive OWASP/infrastructure security audit for codebasescode-review — code-level review with security considerationsguard — freeze check before deploying security fixes