Loads expert CSRF attack patterns with a focus on modern bypass techniques that base models typically miss. Covers the full range from basic token validation flaws (the most common being a token that is not validated server-side) to SameSite cookie edge cases, JSON CSRF via content-type tricks, and OAuth state parameter attacks. Especially strong on vulnerabilities in the double-submit cookie pattern and on the two-minute Lax cookie exemption in Chrome. Includes ready-to-use HTML proof-of-concept templates for different attack vectors. Best deployed when auditing state-changing endpoints such as password resets, email changes, or admin role assignments, where you need to systematically check token implementation and cookie behavior rather than just checking for surface-level CSRF presence.
npx skills add https://github.com/yaklang/hack-skills --skill csrf-cross-site-request-forgery