This is a P1 category router that helps you triage injection vulnerabilities by looking at where attacker-controlled input actually lands. Instead of guessing whether you're dealing with XSS, SQLi, SSRF, or one of a dozen other injection types, you identify the sink first (HTML, database, XML parser, shell, template engine) and then jump to the appropriate deep-dive skill. It routes to 18 different injection classes including the usual suspects and less common ones like XSLT, CSV formula injection, and prototype pollution. The workflow is simple: spot the dangerous interpreter, pick the matching skill from the map, skip the payload guessing game. Good first stop when you know input is reaching something executable but aren't sure which flavor of injection you're actually hunting.
npx skills add https://github.com/yaklang/hack-skills --skill injection-checking