This walks you through identifying HTML injection vulnerabilities where attackers can inject malicious HTML into web apps to modify pages, create phishing forms, or steal credentials. It covers the fundamentals: using browser dev tools, Burp Suite or ZAP, and testing payloads with cURL. The skill assumes you know basic HTML and HTTP structure, which is fair since you need to understand what you're injecting and why. It's forked from zebbern/claude-code-guide and sits in a larger template collection with 27.7K stars. Useful for learning the mechanics of HTML injection as distinct from XSS, though Snyk flags the repo so check what's actually in there before running anything in a production context.
npx skills add https://github.com/davila7/claude-code-templates --skill html-injection-testing