allsmog/vuln-scout Skills

This skill should be used when the user asks about "business logic", "workflow vulnerability", "trust boundary", "state machine", "authorization bypass", "multi-step process", "workflow bypass", "application logic flaw", or needs to identify business logic vulnerabilities during whitebox pentesting.

--- name: Cache Poisoning description: This skill should be used when the user asks about "cache poisoning", "web cache deception", "CDN cache", "proxy cache", "nginx cache", "varnish", "cache key manipulation", "response caching", or needs to find cache-related vulnerabilities during whitebox pen

This skill should be used when the user asks about "Code Property Graph", "CPG analysis", "Joern queries", "CPGQL", "data flow verification", "taint tracking with Joern", "semantic code analysis", or needs to understand how CPG-based verification works for vulnerability detection.

This skill should be used when the user asks about "cryptographic failures", "weak encryption", "hardcoded secrets", "insecure random", "MD5", "SHA1", "weak hashing", or needs to find crypto-related vulnerabilities during whitebox pentesting.

This skill should be used when the user asks about "dangerous functions", "security sinks", "what functions are dangerous in PHP/Java/Python", "find vulnerable functions", "code execution functions", "command injection sinks", "SQL injection functions", or needs to identify security-sensitive functions in source code during whitebox pentesting.

This skill should be used when the user asks to "trace data flow", "follow user input", "source to sink analysis", "track variable", "find input sources", "taint analysis", or needs to understand how user-controlled data flows through an application during whitebox pentesting.

This skill should be used when the user asks about "XXE", "XML External Entity", "error handling", "exception disclosure", "stack trace exposure", "improper error handling", or needs to find exception-related vulnerabilities during whitebox pentesting.

This skill should be used when the user asks to "write an exploit", "create PoC", "develop proof of concept", "exploit script", "automate exploitation", "build exploit", or needs guidance on developing working exploits during whitebox pentesting.

This skill should be used when the user asks about "logging failures", "log injection", "insufficient logging", "audit logging", "security logging", "CWE-117", or needs to find logging-related vulnerabilities during whitebox pentesting.

This skill should be used when the user is auditing a "polyglot monorepo", "multi-language codebase", "microservices with different languages", "Go + Python + TypeScript", or any codebase with services written in different programming languages. Provides strategies for cross-service security analysis and unified threat modeling.

This skill should be used when the user asks about "OWASP Top 10", "OWASP 2025", "vulnerability categories", "CWE mapping", "security standards", or needs to understand how vulnerabilities map to industry standards during whitebox pentesting.

# DOM XSS via postMessage This skill covers detecting and exploiting Cross-Origin Messaging (postMessage) vulnerabilities that lead to DOM-based XSS. --- ## Overview `postMessage` is a browser API that allows cross-origin communication between windows/iframes. When message handlers don't validat

This skill should be used when the user asks about "security misconfiguration", "default credentials", "debug mode", "security headers", "exposed endpoints", "TLS configuration", or needs to find configuration-related vulnerabilities during whitebox pentesting.

Detect ANY credential/secret flowing to ANY output sink. Use when asked about "credential leakage", "secret logging", "sensitive data exposure", "CWE-532", "password in logs", "token exposure", or security logging issues.

This skill should be used when the user asks about "threat model", "STRIDE", "data flow diagram", "attack surface", "threat analysis", "security architecture", "component threats", "trust boundaries", "technology decomposition", or needs systematic threat identification during whitebox pentesting.

This skill should be used when the user asks about "vulnerability patterns", "how to find SQL injection", "XSS patterns", "command injection techniques", "OWASP vulnerabilities", "common web vulnerabilities", "exploitation patterns", or needs to understand how specific vulnerability classes work during whitebox pentesting.

This skill should be used when the user asks to "detect workspaces", "find packages", "list monorepo packages", "workspace structure", "monorepo analysis", or needs to identify workspace/package boundaries in a codebase for focused security analysis.