Skill UI

A comprehensive guide to configuring a fast, reproducible local development workflow for Webflow Data API v2 integrations. This setup includes TypeScript, hot reloading, Vitest mocking, and ngrok webhook tunneling, enabling developers to establish a rapid iteration cycle for seamless Webflow development and testing.

Captures complete, full-page screenshots of any modern web page using the Chrome DevTools Protocol (CDP). Unlike standard tools, this utility handles Single Page Applications (SPAs), scrolling content, lazy-loaded images, and complex scroll containers, ensuring the entire visible content is captured in a single, high-fidelity PNG file. Ideal for documenting complex web flows and testing.

A hands-on methodology for testing IoT and embedded devices, covering hardware reconnaissance, firmware extraction and analysis, bootloader access, runtime exploitation, wireless protocol attacks, companion app review, and cloud API abuse.

This router entry point is designed for comprehensive testing of file access, download endpoints, and file upload workflows. Use this guide when validating file paths, detecting Local File Inclusion (LFI), or analyzing vulnerabilities in preview, storage, or extraction processes. It helps categorize whether the security issue relates to path traversal or insecure data processing chains.

This comprehensive playbook details advanced techniques for detecting Prototype Pollution vulnerabilities in JavaScript environments (Node.js and browser). It covers various attack vectors, including using `__proto__` and `constructor.prototype` paths, and provides black-box testing payloads for JSON parsing, query string merging, and deep object assignment. Use this when analyzing applications for potential Remote Code Execution (RCE) or unintended property leakage via object merging sinks.

A comprehensive, expert playbook for challenging insecure file upload mechanisms. It provides advanced attack vectors covering validation bypass (magic bytes, extension), storage path abuse (traversal, overwrite), and exploitation of post-upload processing chains (XXE, RCE, CMDi). Essential for deep security auditing of file-handling workflows.

An expert-level playbook covering non-obvious XSS techniques, advanced payload selection across various sinks (DOM, SVG, HTML attributes, JavaScript), and sophisticated defense bypass strategies. Use this guide for real-world penetration testing, including WAF bypass, CSP bypass, HttpOnly bypass, and XS-Leaks side channel exploitation. It assumes deep knowledge of web vulnerability mechanics.

A comprehensive, multi-stage verification loop designed for Quarkus applications. It guides developers through best practices for pre-release checks, including clean builds, static code analysis (SonarQube, PMD), thorough unit/integration/API testing with coverage enforcement, dependency security scanning, native image compatibility testing, and load performance profiling.