Input Validation Sanitization Auditor

What it does

This skill assesses user input for potential vulnerabilities and sanitizes it to prevent malicious code execution. It identifies common injection flaws like SQL injection, cross-site scripting (XSS), and command injection. The skill provides recommendations for secure coding practices based on the identified risks.

When to use it

• Data Entry Forms: Validate user input in web forms before storing data in a database.
• API Endpoints: Sanitize incoming requests to prevent unauthorized access or manipulation of resources.
• Code Generation: Audit generated code for potential vulnerabilities arising from untrusted inputs.
• Scripting Tasks: Review scripts that process external data, such as parsing configuration files or executing commands based on user input.

Key capabilities

• Injection flaw detection (SQLi, XSS, Command Injection)
• Input sanitization recommendations
• Secure coding practice suggestions
• Vulnerability risk assessment

Example prompts

• "Analyze this SQL query for potential vulnerabilities: SELECT * FROM users WHERE username = '" + userInput + "'."
• "Sanitize the following user input before displaying it on a webpage: <script>alert('XSS')</script>."
• "Audit this Python script that executes shell commands based on user input and suggest improvements:"

Tips & gotchas

The effectiveness of this skill depends on providing clear, representative examples of the code or data being analyzed. It is not a replacement for comprehensive security testing but rather an aid in identifying potential issues.