Skills

exploiting-prototype-pollution-in-javascript

Installation
SKILL.md

Exploiting Prototype Pollution in JavaScript

When to Use

  • When testing Node.js or JavaScript-heavy web applications
  • During assessment of APIs accepting deep-merged JSON objects
  • When testing client-side JavaScript frameworks for DOM XSS via prototype pollution
  • During code review of object merge/clone/extend operations
  • When evaluating npm packages for prototype pollution gadgets

Prerequisites

  • Burp Suite with DOM Invader extension for client-side prototype pollution detection
  • Node.js development environment for server-side testing
  • Understanding of JavaScript prototype chain and object inheritance
  • Knowledge of common pollution gadgets (sources, sinks, and exploitable properties)
  • Prototype Pollution Gadgets Scanner Burp extension for server-side detection
  • Browser developer console for client-side prototype manipulation

Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.

Related skills

More from mukul975/anthropic-cybersecurity-skills

Installs
32
Repository
mukul975/anthro…y-skills
GitHub Stars
6.3K
First Seen
Mar 15, 2026
Security Audits
Gen Agent Trust HubWarn
SocketPass
SnykFail