Skills

unicode-security-anti-pattern

Installation
SKILL.md

Unicode Security Anti-Pattern

Severity: Medium

Summary

Applications fail to handle Unicode character representation variants, enabling username spoofing, phishing, and validation bypasses through:

  1. Confusable Characters (Homoglyphs): Identical-looking characters from different scripts (Latin 'a' vs. Cyrillic 'а').
  2. Normalization Issues: Multiple byte sequences for the same character (precomposed vs. base + combining accent).
  3. Zero-Width Characters: Non-printing characters hiding malicious content or altering string lengths.
  4. Bidirectional Text Overrides: Control characters reordering display (obfuscating exe.pdf as fdp.exe).

The Anti-Pattern

The anti-pattern is processing Unicode strings without normalization, confusable detection, or control character stripping.

BAD Code Example

Installs
7
Repository
igbuend/grimbard
GitHub Stars
5
First Seen
Feb 19, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
unicode-security-anti-pattern — igbuend/grimbard