Skip to main content
在 Manus 中运行任何 Skill
一键导入

prototype-pollution

星标2
分支1
更新时间2026年7月9日 12:42

SAST detection methodology for JavaScript/Node prototype pollution (CWE-1321), including client-side PP feeding DOM XSS gadgets and server-side PP escalating to RCE via child_process and template-engine option gadgets. Covers vulnerable recursive merge/extend/clone/set utilities, __proto__/constructor.prototype keys, and nested-object parsers. Use when reviewing JS that merges, clones, or deep-sets objects from untrusted input. Writes confirmed findings to findings/14-prototype-pollution.md.

安装

用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。

SKILL.md
readonly