tahr-trace-dangerous-inputs

Installation
SKILL.md

Trace Dangerous Inputs

Find complete attacker-controlled data paths. Do not report a dangerous API call, suspicious regex match, reflection, or error without proving reachability and impact.

Set a safe review mode

  1. Identify repository roots, runtime targets, specifications, traffic, authentication context, and authorized scope.
  2. Default to static tracing when live testing is not explicitly authorized.
  3. Keep runtime probes low volume, non-destructive, and tied to exact discovered operations. Do not test login credential fields, customer objects, real payment/order flows, or unrelated infrastructure.
  4. Require a disposable fixture before uploads, persistent content, webhook registration, or other mutations. Define readback and cleanup first.
  5. Use harmless unique markers, controlled callbacks, safe owned canaries, and low-impact commands only. Never delete data, establish persistence, dump broad files/databases, scan internal networks, or alter cloud resources.

Build the source-to-sink map

Read source-sink-matrix.md. For every candidate path, record:

Installs
3
First Seen
1 day ago
tahr-trace-dangerous-inputs — tahr-security/tahr-security-skills