Detect command injection vulnerabilities
detecting-command-injectionskillsetup L1★381
majiayu000/claude-skill-registry ↗What it does
Identify OS command injection vulnerabilities in source code
Best for
Finding command injection during code review when automated scanners miss indirect and complex paths.
Inputs
- · source code
- · command execution call sites (system/popen/exec)
- · input trace logs
Outputs
- · vulnerability list with location
- · severity/confidence scores
- · exploitation payload examples
- · mitigation recommendations
Requires
- · static analysis/AST parsing
- · code cross-reference tools
Preconditions
Source code access required; programming language known
Failure modes
- · Partial sanitization missed
- · Indirect injection via environment variables undetected
- · Race conditions in validation logic
- · Polymorphic command execution not caught
Trust signals
- · CWE-78 references included
- · Multiple exploitation scenarios documented