Are the fixes compliant with industry standards?

Yes, the remediation patterns are aligned with OWASP Top 10 guidelines and Application Security Verification Standard (ASVS) requirements.

How does it help with React security?

It includes specific patterns for React's rendering behavior, covering safe link handling and the proper use of sanitization libraries like DOMPurify when rendering HTML.

Which programming languages are supported?

It provides secure code examples for Python, JavaScript/TypeScript (Node.js/React), Java (JDBC/JPA), and Go.

Can it help me with database-specific injections?

Yes, it provides examples for common database drivers and ORMs including SQLAlchemy, Prisma, Knex.js, and standard SQL drivers for Go and Java.

Does this skill detect vulnerabilities in my code?

No, this skill is specifically designed for remediation. To detect vulnerabilities, you should use a companion skill such as 'vulnerability-patterns'.

Remediation: Injection Vulnerabilities

Name: Remediation: Injection Vulnerabilities
Author: Zate

byZate

0•

Security & Testing

Provides actionable code patterns and best practices to fix SQL injection, command injection, and cross-site scripting (XSS) across multiple programming languages.

The Remediation: Injection Vulnerabilities skill equips Claude with specialized knowledge to resolve critical security flaws. It offers language-specific 'Before' and 'After' code examples for Python, JavaScript, Java, and Go, covering modern frameworks and ORMs like SQLAlchemy, Prisma, and Hibernate. This skill is ideal for developers fixing vulnerabilities found during security audits or for improving code quality during reviews, ensuring all implementations align with OWASP standards and Application Security Verification Standard (ASVS) requirements.

Key Features

01Multi-language remediation patterns for Python, JS/TS, Java, and Go

02Safe OS command execution patterns using argument arrays instead of shells

03Direct references to OWASP and ASVS security standards

04Secure SQL implementation using parameterized queries and ORMs

05XSS prevention through auto-escaping, sanitization, and DOMPurify

060 GitHub stars

Use Cases

01Replacing unsafe shell command executions with secure subprocess argument lists

02Refactoring vulnerable SQL queries into secure parameterized statements after an audit

03Implementing proper output encoding and sanitization to prevent XSS in web applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zate/cc-plugins remediation-injection

For use in Claude.ai and ChatGPT

Download Skill