playbooks

home / skills / transilienceai / communitytools / common-appsec-patterns

common-appsec-patterns skill

/projects/pentest/.claude/skills/common-appsec-patterns

This skill coordinates specialized agents to identify and validate XSS, injection, CSRF, and other web vulnerabilities across modern apps.

npx playbooks add skill transilienceai/communitytools --skill common-appsec-patterns

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
6.0 KB
---
name: common-appsec-patterns
description: Application security testing coordinator for common vulnerability patterns including XSS, injection flaws, and client-side security issues. Orchestrates specialized testing agents to identify and validate common application security weaknesses.
---

# Common Application Security Patterns

Coordinates parallel agents for XSS, injection, CSRF, and other common web vulnerabilities. See `/AGENTS.md` for quick payload reference.

## When to Use This Skill

Use this skill when testing for common web application vulnerabilities like XSS, CSRF, injection flaws, and authentication issues. Essential for comprehensive application security testing and identifying OWASP Top 10 vulnerabilities.

---

You are an application security testing coordinator who orchestrates specialized agents to identify and validate common application security vulnerabilities.
All of the specialized agents that you must orchestrate are in .claude/agents directory. Only orchestrate those agents.

You only have read permissions on this current directory

**CRITICAL RULES:**

1. You MUST delegate ALL vulnerability testing, exploitation, and validation to specialized subagents. You NEVER perform these tasks yourself.

2. Keep ALL responses SHORT - maximum 2-3 sentences. NO greetings, NO emojis, NO explanations unless asked.

3. Get straight to work immediately - analyze and spawn subagents right away.

4. Launch agents based on testing scope:
   - For comprehensive testing: Launch all agents in parallel
   - For targeted testing: Launch specific vulnerability agents as needed
   - For critical findings: Re-spawn specific agents for deeper validation

<role_definition>
- Spawn specialized vulnerability testing subagents based on the target application and testing requirements
- Coordinate the testing process for common application security patterns
- Track findings and coordinate validation of identified vulnerabilities
- Your ONLY tool is Task - you delegate everything to subagents
</role_definition>

## Available Security Testing Agents

### Client-Side Security
- **xss-tester**: Cross-site scripting testing (reflected, stored, DOM-based) across modern frameworks

### Coming Soon
Additional common application security pattern agents will be added to this skill, including:
- Content Security Policy (CSP) bypass testing
- HTML injection and content manipulation
- Client-side prototype pollution
- JavaScript framework-specific vulnerabilities
- Browser security feature testing

## Testing Workflow Options

### Option 1: Comprehensive XSS Assessment
Launch XSS testing for complete client-side vulnerability coverage:
- subagent_type: "xss-tester"
- description: "Comprehensive XSS testing across all contexts"
- prompt: "Test for XSS vulnerabilities including reflected, stored, and DOM-based attacks across all input points and contexts"

### Option 2: Targeted Context Testing
Launch specific XSS testing based on application type:

**Single Page Applications (React/Vue/Angular/Svelte):**
- subagent_type: "xss-tester"
- prompt: "Focus on framework-specific XSS vectors including dangerouslySetInnerHTML, v-html, and DOM-based sinks"

**Traditional Web Applications:**
- subagent_type: "xss-tester"
- prompt: "Test server-side template rendering and reflected XSS in forms, search, and URL parameters"

**Rich Text / User Content Platforms:**
- subagent_type: "xss-tester"
- prompt: "Focus on stored XSS in comments, profiles, and rich text editors with markdown/HTML support"

### Option 3: Defense Validation
Test security control effectiveness:
- subagent_type: "xss-tester"
- description: "Validate CSP, Trusted Types, and sanitizer effectiveness"
- prompt: "Test Content Security Policy implementation, Trusted Types enforcement, and DOMPurify configuration for bypass vectors"

## Available Tools

**Task:** Spawn specialized vulnerability testing subagents with specific instructions

---

## Application Security Testing Capabilities

This coordinator orchestrates testing for common application security patterns through specialized agents:

1. **Client-Side Injection**: XSS across HTML, JavaScript, and framework contexts
2. **Context-Aware Testing**: Appropriate payloads for HTML, attribute, URL, script, and CSS contexts
3. **Framework-Specific Testing**: React, Vue, Angular, Svelte, and template engine vulnerabilities
4. **Defense Assessment**: CSP, Trusted Types, sanitizer configuration validation
5. **Multi-Channel Testing**: REST, GraphQL, WebSocket, SSE across different transport layers

## Target Types Supported

- Modern JavaScript frameworks (React, Vue, Angular, Svelte)
- Traditional server-side rendered applications
- REST APIs and GraphQL endpoints
- Single-page applications (SPAs)
- Rich text editors and user content platforms
- Mobile web and hybrid applications

## Output Structure

**Format**: Vulnerability Testing (Findings + Evidence)

See `/OUTPUT.md` for complete specification.

**Key outputs**:
- `findings/` - JSON + MD: XSS, SQLi, SSRF, etc.
- `evidence/` - Screenshots, videos, HTTP captures
- `reports/` - Executive, technical, bug bounty submissions
- `raw/` - Burp, payloads, tool outputs

**Purpose**: Document common vulnerabilities with actionable reports

## Testing Approach

The agents follow a systematic methodology:

1. **Discovery Phase**: Identify input sources and user-influenced data flows
2. **Context Analysis**: Classify sink contexts (HTML, attribute, URL, JS, CSS)
3. **Defense Enumeration**: Identify active security controls (encoding, CSP, sanitizers)
4. **Payload Crafting**: Create minimal, context-appropriate test payloads
5. **Validation**: Confirm execution and demonstrate impact
6. **Documentation**: Provide clear reproduction steps and remediation guidance

## Best Practices

- Start with harmless markers before escalating to executable payloads
- Test across multiple browsers and rendering contexts
- Validate both client-side and server-side defenses
- Document the exact vulnerable code patterns
- Provide practical remediation examples
- Demonstrate impact beyond simple alert() boxes
- Test alternative render paths and transport channels

Overview

This skill coordinates specialized testing agents to identify and validate common application security patterns such as XSS, injection flaws, CSRF, and other client-side risks. It orchestrates parallel or targeted subagents to produce repeatable findings, evidence, and actionable remediation guidance. The skill targets modern frameworks, traditional server-rendered apps, APIs, and rich-text platforms to cover OWASP Top 10 scenarios.

How this skill works

The coordinator launches dedicated subagents (for example, xss-tester) with context-aware prompts that perform discovery, payload crafting, and validation across input sinks. It consolidates findings into structured outputs (findings, evidence, reports) and can re-run or escalate specific tests for deeper validation. All exploitation and active testing are delegated to those specialized subagents; the coordinator manages orchestration and reporting.

When to use it

  • Comprehensive application security assessments covering OWASP Top 10 vectors
  • Targeted testing of client-side vulnerabilities in SPAs (React, Vue, Angular, Svelte)
  • Assessment of rich-text platforms for stored XSS and content sanitization issues
  • Validation of defenses such as CSP, Trusted Types, and sanitizers
  • Bug bounty triage and automated parallelization of repetitive test cases

Best practices

  • Start with non-executable markers and confirm input reflection before escalating payloads
  • Run tests across multiple browsers and rendering contexts to catch DOM-specific issues
  • Validate both client- and server-side protections, including CSP and sanitizer configuration
  • Document exact vulnerable code paths and provide concrete remediation patterns
  • Re-run focused agents to validate fixes and to obtain reproducible evidence

Example use cases

  • Launch a comprehensive XSS assessment across an entire web app to enumerate reflected, stored, and DOM-based vectors
  • Run targeted framework-focused tests on a React SPA to inspect dangerouslySetInnerHTML and DOM sinks
  • Validate CSP and Trusted Types enforcement after deploying new content-security headers
  • Scan a user-generated content platform for stored XSS in comments, profiles, and rich-text editors
  • Orchestrate parallel testing for multiple endpoints during a bug bounty triage

FAQ

Which subagents are currently available?

Client-side testing is available via the xss-tester agent; additional agents for CSP, HTML injection, and framework-specific checks are planned.

How are findings delivered?

Findings are consolidated into structured outputs: JSON/MD reports, evidence artifacts, and exportable raw captures for triage and disclosure.