Helps fix security vulnerabilities identified by DryRunSecurity. Activates when the user shares a DryRunSecurity comment (from a GitHub PR or GitLab MR) or asks for help fixing any security finding including SQL injection, XSS, CSRF, SSRF, path traversal, command injection, authentication bypass, authorization flaws, and prompt injection. Researches authoritative sources and applies fixes grounded in the user's specific codebase context.
Score: 94

Does it follow best practices? 92%
Impact: 100%

1.16x average score across 3 eval scenarios

Advisory: suggest reviewing before use
Eval scenario 1: SQL injection fix with contextual pattern matching

Scores per criterion (two values reported for each):
- Parameterized query used: 100% / 100%
- No string concatenation in SQL: 100% / 100%
- Matches existing codebase pattern: 100% / 100%
- Minimal change: 100% / 100%
- Attack scenario explained: 100% / 100%
- Authoritative source cited: 100% / 100%
- Pattern alignment described: 100% / 100%
- Verification steps included: 100% / 100%
- Related code identified: 100% / 100%
- Commit prefix correct: 50% / 100%
- DryRunSecurity co-author: 0% / 100%
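As an added illustration of what the first criteria in this scenario are checking for (this is example code written for this page, not the skill's own output or DryRunSecurity's code): the concatenated query the finding flags, the parameterized form that fixes it, the attack scenario made concrete, and two verification checks a reviewer can run against the fix. The `findUserByEmail*` builders, the hostile input and the `{text, values}` query object (the shape node-postgres accepts for `client.query`) are assumptions constructed for the example; nothing here connects to a database.

```javascript
'use strict';

// Constructed attacker input for the attack scenario: a classic tautology payload.
const HOSTILE_EMAIL = "' OR '1'='1";

// BEFORE (the finding): the SQL text is built by string concatenation, so the
// payload becomes part of the query's logic. Hypothetical lookup, not project code.
function findUserByEmailVulnerable(email) {
  const text = "SELECT id, email FROM users WHERE email = '" + email + "'";
  return { text, values: [] };
}

// AFTER (the fix): the SQL text is a constant and the input travels as a bound
// value. {text, values} is the parameterized query shape node-postgres (pg)
// accepts; a codebase on mysql2 would use '?' placeholders instead, and the
// "matches existing codebase pattern" criterion means copying whichever is in use.
function findUserByEmailFixed(email) {
  return { text: 'SELECT id, email FROM users WHERE email = $1', values: [email] };
}

// Count the conditions in the WHERE clause. This makes the attack scenario
// visible: the payload turns one condition into two, the second always true.
function whereConditionCount(sqlText) {
  const where = sqlText.split(/\bWHERE\b/i)[1] || '';
  return where.trim() === '' ? 0 : where.split(/\s+(?:OR|AND)\s+/i).length;
}

// Verification step for a reviewer: a correctly parameterized builder yields the
// same SQL text for benign and hostile input, and the hostile input appears only
// in `values`, never in `text`.
function passesParameterizationCheck(buildQuery) {
  const benign = buildQuery('alice@example.com');
  const hostile = buildQuery(HOSTILE_EMAIL);
  const textIsConstant = benign.text === hostile.text;
  const payloadOnlyInValues =
    hostile.values.includes(HOSTILE_EMAIL) && !hostile.text.includes(HOSTILE_EMAIL);
  return textIsConstant && payloadOnlyInValues;
}

// Stand-alone demonstration when run directly with node.
if (typeof require !== 'undefined' && require.main === module) {
  const builders = [['vulnerable', findUserByEmailVulnerable], ['fixed', findUserByEmailFixed]];
  for (const [label, build] of builders) {
    const q = build(HOSTILE_EMAIL);
    console.log(label, '->', q.text, '| WHERE conditions:', whereConditionCount(q.text),
      '| check passes:', passesParameterizationCheck(build));
  }
}
```

The second check is the one worth keeping as a regression test: it fails for any builder whose SQL text changes with its input, which is exactly the property string concatenation breaks and placeholders restore.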
Eval scenario 2: Authorization bypass fix using existing middleware

Scores per criterion (two values reported for each):
- requireAdmin applied: 100% / 100%
- Uses existing import: 100% / 100%
- No custom inline auth: 100% / 100%
- Route functionality preserved: 100% / 100%
- Attack scenario explained: 100% / 100%
- Authoritative source cited: 0% / 100%
- Pattern alignment described: 100% / 100%
- Verification steps included: 100% / 100%
- Related code identified: 100% / 100%
- Commit prefix correct: 62% / 100%
- DryRunSecurity co-author: 0% / 100%
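An added example of the shape of fix this scenario scores (written for this page; not the skill's output, DryRunSecurity's code, or any real project's `requireAdmin`): an Express-style route that is reachable without an authorization check, the same route with the existing `requireAdmin` middleware mounted in front of it, and the verification calls a reviewer would make. The middleware chain runner, the `DELETE /users/:id` route and the `requireAdmin` implementation are all assumptions constructed so the example runs without a framework.

```javascript
'use strict';

// Minimal stand-in for an Express-style middleware chain so the example runs with
// no framework. Handlers have the (req, res, next) signature; res.status().json()
// records the response instead of sending it.
function runChain(handlers, req) {
  const res = {
    statusCode: 200,
    body: undefined,
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; return this; },
  };
  let i = 0;
  const next = () => {
    const handler = handlers[i++];
    if (handler) handler(req, res, next);
  };
  next();
  return res;
}

// The existing middleware the scenario expects the fix to reuse. Assumed to live
// in the project's auth module and be imported from there; this body is illustrative.
function requireAdmin(req, res, next) {
  if (!req.user) return res.status(401).json({ error: 'unauthenticated' });
  if (req.user.role !== 'admin') return res.status(403).json({ error: 'forbidden' });
  return next();
}

// Route handler whose behaviour the fix must preserve (hypothetical route).
function deleteUserHandler(req, res) {
  res.status(200).json({ deleted: req.params.id });
}

// BEFORE (the finding): any caller, even unauthenticated, reaches the handler.
const deleteUserRouteBefore = [deleteUserHandler];

// AFTER (the fix): requireAdmin is mounted ahead of the handler, the same way
// the codebase's other admin routes mount it. The handler is untouched: no
// inline role check is written into it, so there is one auth pattern to audit.
const deleteUserRouteAfter = [requireAdmin, deleteUserHandler];

// Dispatch DELETE /users/:id through a route definition for a given caller.
function deleteUser(route, user) {
  return runChain(route, { method: 'DELETE', params: { id: '42' }, user });
}

// Verification steps a reviewer would run: a non-admin caller is refused after
// the fix, an anonymous caller gets 401, and an admin keeps the original result.
function verifyFix() {
  return {
    userBefore: deleteUser(deleteUserRouteBefore, { role: 'user' }).statusCode,
    userAfter: deleteUser(deleteUserRouteAfter, { role: 'user' }).statusCode,
    anonAfter: deleteUser(deleteUserRouteAfter, undefined).statusCode,
    adminAfter: deleteUser(deleteUserRouteAfter, { role: 'admin' }).statusCode,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(verifyFix()); // { userBefore: 200, userAfter: 403, anonAfter: 401, adminAfter: 200 }
}
```

The "no custom inline auth" criterion is what keeps this a one-line change: a `req.user.role` check pasted into the handler would also close the hole, but it would be a second authorization implementation to keep in sync with the existing middleware.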
Eval scenario 3: XSS fix with research documentation and OWASP reference

Scores per criterion (two values reported for each):
- Escaped output used: 100% / 100%
- Unescaped syntax removed: 100% / 100%
- Research log contains URLs: 100% / 100%
- OWASP or CWE referenced: 100% / 100%
- Matches existing codebase pattern: 100% / 100%
- Attack scenario explained: 100% / 100%
- Authoritative source cited in report: 100% / 100%
- Verification steps included: 100% / 100%
- Related templates identified: 100% / 100%
- Commit prefix correct: 50% / 100%
- DryRunSecurity co-author: 0% / 100%
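An added example of the "escaped output used" and "unescaped syntax removed" criteria (example code for this page, not the skill's output or DryRunSecurity's code): a template that renders a user-controlled field through the raw triple-stash syntax, the same template with the unescaped syntax removed, and a helper that lists raw placeholders so related templates can be found. The Handlebars-like renderer, the `escapeHtml` function, the profile template and the hostile display name are assumptions constructed so the example runs without a template library; the escape set follows the OWASP XSS Prevention Cheat Sheet rule for HTML element content.

```javascript
'use strict';

// Escape the characters that break out of HTML text and attribute context
// (OWASP XSS Prevention Cheat Sheet, rule for untrusted data in element content).
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Tiny Handlebars-like renderer: {{name}} inserts the escaped value, {{{name}}}
// inserts it raw. Single pass, so inserted values are never re-parsed as template.
function render(template, ctx) {
  return template.replace(/\{\{(\{?)\s*(\w+)\s*\}\}(\}?)/g, (_, open, key) => {
    const value = ctx[key] === undefined ? '' : ctx[key];
    return open ? String(value) : escapeHtml(value);
  });
}

// Constructed attacker-controlled display name for the attack scenario.
const HOSTILE_NAME = '<img src=x onerror=alert(1)>';

// BEFORE (the finding): user data rendered through the unescaped syntax.
const profileTemplateBefore = '<p>Hello {{{displayName}}}</p>';
// AFTER (the fix): only the placeholder syntax changes; markup and key are unchanged.
const profileTemplateAfter = '<p>Hello {{displayName}}</p>';

// Reviewer aid for "related templates identified": list every raw placeholder in
// a template so the same pattern can be hunted across the template directory.
function findUnescapedPlaceholders(template) {
  return Array.from(template.matchAll(/\{\{\{\s*(\w+)\s*\}\}\}/g), (m) => m[1]);
}

// Verification step: the hostile value must reach the page only as text.
function renderProfile(template) {
  return render(template, { displayName: HOSTILE_NAME });
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('before:', renderProfile(profileTemplateBefore));
  console.log('after: ', renderProfile(profileTemplateAfter));
  console.log('raw placeholders before:', findUnescapedPlaceholders(profileTemplateBefore));
}
```

Switching `{{{ }}}` to `{{ }}` is the right fix only when the value is rendered in HTML element content; a value placed inside a `<script>` block, a URL or an inline event handler needs the encoding rule for that context, which is why the scenario also scores whether the cited OWASP or CWE reference matches the sink.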
3145d1e