file-upload


File Upload Security (UPLD)

Analyze source code for file upload vulnerabilities including client-only validation, missing content-type verification, no magic byte checking, path traversal in filenames, upload to webroot with execution, and zip slip (archive extraction path traversal). Insecure file uploads can lead to remote code execution, denial of service, and data exfiltration.

Supported Flags

Read ../../shared/schemas/flags.md for the full flag specification. This skill supports all cross-cutting flags. Key flags for this skill:

  • --scope determines which files to analyze (default: changed)
  • --depth standard reads code and checks upload handlers
  • --depth deep traces file paths from upload through storage to serving
  • --severity filters output (upload issues are often critical or high)

Framework Context

First Seen: Feb 28, 2026