Skill UI

Deprecated routing skill that reroutes legacy "content creator" requests to content-production for writing/SEO/brand-voice needs or to content-strategy for planning, ensuring users land with the specialist best suited to their intent.

This skill acts as a compatibility alias for pull request (PR) creation. It is designed to handle requests using the legacy name 'create-pr', redirecting the user to the canonical and updated workflow found in 'sentry-skills:pr-writer'. Use this when referencing the old skill name to ensure the latest PR writing standards are applied.

An expert skill dedicated to building secure, robust frontend applications. It specializes in preventing client-side vulnerabilities such as XSS and clickjacking. Core capabilities include safe DOM manipulation, implementing Content Security Policy (CSP), advanced input sanitization (allowlisting), and securing complex interactions like secure redirects and session management.

Explains how to create route.ts endpoints in the Next.js App Router, covering HTTP methods, request/response handling, streaming, cookies, redirects, CORS, and caching so you can build REST APIs.

Guides building Next.js Server Actions for App Router forms, mutations, and optimistic updates, covering useFormState/useFormStatus hooks, revalidation helpers, and post-submission redirects.

This skill guides users through analyzing suspicious URLs using the URLScan.io platform or API. It provides a safe environment to capture screenshots, DOM content, network traffic, and analyze JavaScript behavior to investigate phishing attempts, credential harvesting, and sophisticated malicious redirects without risking the analyst's system.

This comprehensive guide details how to deploy and configure a resilient Command and Control (C2) infrastructure using the advanced Sliver framework. It covers setting up multi-protocol listeners (HTTPS, mTLS, DNS, WireGuard), implementing complex redirectors, domain fronting, and establishing operational security controls for professional red team engagements and advanced security assessments.

This guide provides a comprehensive walkthrough for deploying and configuring a production-grade Command and Control (C2) infrastructure using the open-source Havoc framework. It covers setting up the Teamserver, configuring secure HTTPS listeners, implementing redirectors (e.g., Nginx), and deploying Demon agents for advanced post-exploitation red team operations. This skill is essential for authorized security assessments and building robust defensive countermeasures.

A comprehensive guide for penetration testers detailing methods to identify and exploit misconfigurations in OAuth 2.0 and OpenID Connect (OIDC) flows. Techniques cover redirect URI manipulation, authorization code theft, token leakage via headers, and scope escalation during security assessments.

This skill provides a comprehensive methodology for identifying and exploiting open redirect vulnerabilities in web applications. It covers advanced bypass techniques (e.g., URL encoding, protocol-relative URLs, path traversal) and demonstrates chaining with other flaws like OAuth redirection for advanced phishing simulations and token theft. Designed for authorized security professionals conducting penetration tests.

This comprehensive tool assesses critical security flaws in OAuth 2.0 and OpenID Connect (OIDC) implementations. It systematically tests for common vulnerabilities like authorization code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, and scope escalation. Ideal for penetration testers and security engineers evaluating the robustness of identity providers and client applications.

This workflow provides an end-to-end programmatic solution for managing the Canva design lifecycle. It allows users to create new designs via the API, redirect users to the editor for modifications, retrieve design metadata, and finally, export finished assets in various high-quality formats (PDF, PNG, JPG, etc.). Ideal for integrating design capabilities into external applications like CMS or marketing automation tools.