This is a security testing skill for finding XSS and HTML injection vulnerabilities in web applications. It covers all three major attack vectors: stored, reflected, and DOM-based XSS. You'll need Burp Suite or browser dev tools, test accounts, and a solid understanding of JavaScript execution contexts and DOM manipulation. The skill walks you through systematic injection testing, session hijacking demonstrations, and validating whether input sanitization actually works. Originally from sickn33/antigravity-awesome-skills, now maintained in davila7's template collection. Useful if you're doing penetration testing or security assessments, though the Snyk audit failed while other security checks passed, so review the code before running it against production systems.
npx skills add https://github.com/davila7/claude-code-templates --skill cross-site-scripting-and-html-injection-testing