Cross-Site Scripting and HTML Injection Testing
Detect and exploit stored, reflected, and DOM-based XSS and HTML injection flaws.
๐ก๏ธ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Cross-Site Scripting and HTML Injection Testing, derived from its capabilities.
AIVSS 9.2 ยท Critical
View MAESTRO 7-layer threat model โOverview
An Agent Skill (author zebbern) for client-side injection assessment: identifying and exploiting XSS and HTML injection across stored, reflected, and DOM-based vectors, plus cookie theft, session hijacking, and CSP bypass. It validates input sanitization and output encoding, driving the agent's offensive web testing.
Key features
- Stored/reflected/DOM XSS techniques
- Cookie theft and session hijacking
- CSP-bypass and encoding validation
Use cases
- Testing web apps for XSS
- Validating output-encoding defenses