This is a comprehensive penetration testing skill for identifying and exploiting XSS and HTML injection vulnerabilities in web applications. It walks through stored, reflected, and DOM-based XSS detection, complete with payload examples for session hijacking, credential theft, and phishing form injection. The workflow covers everything from basic reflection testing to filter bypass techniques using encoding and tag variations. You'd use this during authorized security assessments when you need systematic client-side injection testing across all major attack vectors. The skill includes practical examples like keylogger injection and CSS-based data exfiltration, though obviously this is strictly for authorized pentesting with written scope agreements. It's thorough but assumes you already understand JavaScript execution contexts and HTTP fundamentals.
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill xss-html-injection