Explore

Find agent skills by outcome

35,327 skills indexed with the new KISS metadata standard.

Showing 24 of 35,327Categories: General, Data, Cursor-rules, Coding

PromptBeginner5 minmarkdown

- Hard-coded secrets

API keys

PromptBeginner5 minmarkdown

- Outdated or vulnerable dependencies (check package-lock.json

yarn.lock

PromptBeginner5 minmarkdown

Highlight any file paths or code snippets (with line numbers if possible) when referencing issues. If something is unclear or a file is missing

ask for clarification.

PromptBeginner5 minmarkdown

- File upload vulnerabilities (mime check

path traversal)

PromptBeginner5 minmarkdown

- Potential logic flaws (price tampering

race conditions)

PromptBeginner5 minmarkdown

- XSS risks (unsafe innerHTML

lack of sanitization/escaping)

PromptBeginner5 minmarkdown

- Potential IDOR vectors (user IDs in URLs

file paths)

PromptBeginner5 minmarkdown

- Command injection (exec

eval

PromptBeginner5 minmarkdown

- Rate limiting

brute-force protection

PromptBeginner5 minmarkdown

- JWT implementation (signature verification

expiration

PromptBeginner5 minmarkdown

- Password storage (hashing algorithm

salting)

PromptBeginner5 minmarkdown

- Session/cookie security flags (Secure

HttpOnly

PromptBeginner5 minmarkdown

- Server/framework configurations (debug mode

error handling

PromptBeginner5 minmarkdown

- Dockerfile and container security (USER

exposed ports

PromptBeginner5 minmarkdown

- Environment variables and secrets management (.env files

hard-coded keys)

PromptBeginner5 minmarkdown

- Authentication method (JWT

sessions

PromptBeginner5 minmarkdown

- Architecture (monolith

microservices

PromptBeginner5 minmarkdown

- Key features (user roles

payments

PromptBeginner5 minmarkdown

Do not require a public URL — analyze everything from the source code

package managers (package.json

PromptBeginner5 minmarkdown

Conduct the analysis following OWASP Top 10 (2021 or latest)

OWASP ASVS

PromptBeginner5 minmarkdown

- Tech stack (frontend

backend

PromptBeginner5 minmarkdown

Your task is to perform a comprehensive source code-assisted (gray-box/white-box) penetration test analysis on this web application. Base your analysis on the actual code

dependencies

PromptBeginner5 minmarkdown

White-Box Web Application Security Audit & Penetration Testing Prompt for AI Code Editors (Cursor, Windsurf, Antigravity)

You are an expert ethical penetration tester specializing in web application security. You currently have full access to the source code of the project open in this editor (including backend, frontend...

PromptBeginner5 minmarkdown

- The output language is Chinese

and the exam was conducted in China.