This skill enables Claude to automatically scan source code for potential input validation vulnerabilities. It identifies places where user-supplied data is used in an operation without first being properly validated or sanitized, which can lead to vulnerabilities such as SQL injection, cross-site scripting (XSS), or command injection. Use this skill when the user asks to "scan for input validation issues", "check input sanitization", "find potential XSS vulnerabilities", or makes similar requests about securing user input. It is particularly useful during code reviews and security audits, and when hardening applications against common web vulnerabilities. The skill uses the input-validation-scanner plugin to perform the analysis.
Scorecard: 87; 53%; Does it follow best practices?; Impact: 90%; 1.09x average score across 12 eval scenarios; Passed; No known issues.
XSS vulnerability scanning
  Plugin invoked: 0% / 100%
  Plugin on target file: 0% / 100%
  XSS in template literals: 100% / 100%
  XSS in script block: 100% / 100%
  SQL injection in SELECT: 100% / 100%
  SQL injection in UPDATE: 100% / 100%
  Code locations reported: 100% / 100%
  Contextual impact assessment: 100% / 100%
  Website URL XSS vector: 100% / 100%
  Both routes covered: 100% / 100%
SQL injection and command injection scanning
  Plugin invoked: 0% / 40%
  Plugin on target file: 0% / 75%
  SQL injection in search_products: 100% / 100%
  SQL injection in get_order_history: 100% / 100%
  Non-parameterized query detail: 100% / 100%
  Command injection in export_report: 100% / 100%
  Command injection in delete_product: 100% / 100%
  Code locations reported: 100% / 100%
  Contextual risk assessment: 100% / 100%
  SQL injection in delete_product: 100% / 100%
Comprehensive multi-surface input validation audit
  Plugin invoked: 0% / 22%
  Web form surface covered: 100% / 100%
  API surface covered: 100% / 100%
  Webhook surface covered: 100% / 100%
  XSS in tickets.js: 100% / 100%
  SQL injection findings: 100% / 100%
  Command injection in API: 100% / 100%
  XSS in webhook handler: 100% / 100%
  Code locations reported: 100% / 100%
  Contextual severity assessment: 100% / 100%
  Methodology soundness: 100% / 100%
Dependency and code validation audit
  Plugin invoked: 0% / 33%
  SQL injection in payment creation: 100% / 100%
  SQL injection in refund route: 100% / 100%
  SQL injection in history query: 100% / 100%
  SQL injection in merchant search: 100% / 100%
  Command injection in refund logger: 100% / 100%
  Dependency check performed: 21% / 35%
  Dependency findings noted: 100% / 100%
  Code locations reported: 100% / 100%
  Financial contextual severity: 100% / 100%
  Both layers covered: 100% / 100%
Security workflow integration
  Plugin invoked: 0% / 70%
  SQL injection in register: 100% / 100%
  SQL injection in login: 100% / 100%
  SQL injection in admin search: 100% / 100%
  SQL injection in password change: 100% / 100%
  Command injection in audit logger: 100% / 100%
  All five routes covered: 100% / 100%
  Regular scanning recommendation: 100% / 100%
  Actionable integration steps: 100% / 100%
  Code locations reported: 100% / 100%
  Contextual severity: 100% / 100%
Insufficient validation detection
  Plugin invoked: 0% / 25%
  Insufficient validation framing: 100% / 100%
  Register SQL injection: 100% / 100%
  Reset-password SQL injection: 100% / 100%
  Comments XSS via content: 100% / 100%
  Comments XSS via author: 100% / 100%
  Search SQL injection: 100% / 100%
  All four endpoints analyzed: 100% / 100%
  Bypass mechanism in register: 100% / 100%
  Bypass mechanism in comments: 100% / 100%
External source data validation
  Plugin invoked: 0% / 100%
  External sources framed as untrusted: 100% / 100%
  SQL injection in handleDeliveryEvent: 100% / 100%
  SQL injection in handleLocationUpdate: 100% / 100%
  Command injection in handleLocationUpdate: 100% / 100%
  SQL injection in syncPartnerStatus: 100% / 100%
  XSS in generateStatusPage: 100% / 100%
  addslashes inadequacy noted: 100% / 100%
  Code locations specified: 100% / 100%
  Contextual impact assessment: 100% / 100%
  Both files scanned: 100% / 100%
Frontend React XSS scanning
  Plugin invoked: 0% / 33%
  XSS in UserProfile bio: 100% / 100%
  XSS in UserProfile badges: 100% / 100%
  URL XSS in UserProfile website: 100% / 100%
  XSS in PostRenderer body: 100% / 100%
  XSS in PostRenderer editReason: 100% / 100%
  XSS in PostRenderer dmPreview: 100% / 100%
  XSS in MessageThread messages: 100% / 100%
  Component-level locations: 100% / 100%
  All three files scanned: 100% / 100%
  Contextual impact assessment: 100% / 100%
  dangerouslySetInnerHTML identified as risk pattern: 100% / 100%
Security skill integration audit
  Plugin invoked for code: 0% / 90%
  Dependency scanning mentioned: 100% / 100%
  SQL injection in search_appointments: 100% / 100%
  SQL injection in submit_intake: 100% / 100%
  Command injection in submit_intake: 100% / 100%
  SQL injection in send_message: 100% / 100%
  SQL injection in view_profile: 100% / 100%
  XSS in view_profile: 100% / 100%
  Jinja2 safe filter risk: 100% / 100%
  Vulnerable dependency identified: 100% / 100%
  Healthcare contextual impact: 100% / 100%
  Integrated remediation output: 100% / 100%
Go REST API comprehensive input validation audit
  Plugin invoked: 0% / 75%
  SQL injection in user search: 100% / 100%
  SQL injection in report query: 100% / 100%
  Command injection in file processor: 100% / 100%
  XSS in HTML report endpoint: 100% / 100%
  Go-specific SQL safe pattern noted: 100% / 50%
  text/template vs html/template distinction: 100% / 100%
  All three surfaces covered: 100% / 100%
  Code locations reported: 100% / 100%
  Contextual severity assessment: 100% / 100%
  External data sources treated as untrusted: 100% / 100%
Java servlet scanning with static analysis integration
  Plugin invoked: 0% / 70%
  Static analysis tool mentioned: 0% / 0%
  SQL injection in LoginServlet: 100% / 100%
  SQL injection in SearchServlet: 100% / 100%
  XSS in SearchServlet output: 100% / 100%
  XSS in ProfileServlet output: 100% / 100%
  Command injection in ReportServlet: 100% / 100%
  JDBC PreparedStatement noted as fix: 100% / 0%
  Code locations reported: 100% / 100%
  Contextual severity assessment: 100% / 100%
  Combined output produced: 0% / 0%
Ruby on Rails XSS and SQL injection scanning
  Plugin invoked: 0% / 50%
  html_safe XSS in comments: 100% / 100%
  html_safe XSS in user bio: 100% / 100%
  SQL injection in search: 100% / 100%
  SQL injection in user lookup: 100% / 100%
  Command injection in file processing: 100% / 100%
  html_safe vs sanitize distinction: 87% / 100%
  ActiveRecord string interpolation explained: 100% / 100%
  Code locations reported: 100% / 100%
  Contextual impact assessment: 100% / 100%
  All input surfaces covered: 100% / 100%