injection
Installation
SKILL.md
Injection Analysis (OWASP A03:2021)
Analyze source code for injection vulnerabilities where user-supplied data flows into interpreters without proper validation, sanitization, or parameterization. This is the most code-scannable OWASP category -- most injection patterns leave clear syntactic fingerprints in source code.
Supported Flags
Read ../../shared/schemas/flags.md for the full flag specification. This skill
supports all cross-cutting flags. Key behaviors:
| Flag | Injection-Specific Behavior |
|---|---|
--scope |
Default changed. Injection analysis focuses on files containing database queries, system calls, LDAP operations, and eval constructs. |
--depth quick |
Scanners + Grep patterns only, no data-flow tracing. |
--depth standard |
Full code read of scoped files, local data-flow analysis within each file. |
--depth deep |
Trace user input from HTTP entry points through call chains to sinks. Cross-file taint analysis. |
--depth expert |
Deep + red team simulation: craft proof-of-concept payloads, DREAD scoring. |
Related skills