ReddRadar
Agent skill
input-validation-sanitization-auditor
Identifies and fixes XSS, SQL injection, and command injection vulnerabilities with validation schemas, sanitization libraries, and safe coding patterns. Use for "input validation", "XSS prevention", "SQL injection", or "sanitization".
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/input-validation-sanitization-auditor
SKILL.md
Input Validation & Sanitization Auditor
Prevent injection attacks through proper input handling.
XSS Prevention
// ❌ DANGEROUS: Direct HTML injection
app.get("/search", (req, res) => {
res.send(`<h1>Results for: ${req.query.q}</h1>`); // XSS!
});
// ✅ SAFE: Properly escaped
import { escape } from "html-escaper";
app.get("/search", (req, res) => {
res.send(`<h1>Results for: ${escape(req.query.q)}</h1>`);
});
// ✅ BETTER: Template engine with auto-escaping
res.render("search", { query: req.query.q }); // EJS/Pug escape by default
SQL Injection Prevention
// ❌ DANGEROUS: String concatenation
const userId = req.params.id;
const query = `SELECT * FROM users WHERE id = '${userId}'`; // SQL Injection!
db.query(query);
// ✅ SAFE: Parameterized queries
db.query("SELECT * FROM users WHERE id = $1", [userId]);
// ✅ BEST: ORM (Prisma)
await prisma.user.findUnique({ where: { id: userId } });
Input Validation Schema
import { z } from "zod";
const userSchema = z.object({
email: z.string().email().max(255),
password: z.string().min(12).max(128),
age: z.number().int().min(13).max(120),
website: z.string().url().optional(),
});
app.post("/register", async (req, res) => {
try {
const validated = userSchema.parse(req.body);
await createUser(validated);
res.json({ success: true });
} catch (error) {
res.status(400).json({ error: error.errors });
}
});
Output Checklist
- XSS prevention (escaping, CSP)
- SQL injection prevention (parameterized queries)
- Command injection prevention
- Input validation schemas
- Output encoding
- Sanitization libraries
- Security tests ENDFILE
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?