Stats
Actions
Tags
From soundcheck
Detects unsafe rendering or execution of LLM output enabling XSS, command injection, or second-order injection.
How this skill is triggered — by the user, by Claude, or both
Slash command
/soundcheck:insecure-output-handlingThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Protects against XSS, command injection, and second-order injection that arise when
Protects against XSS, command injection, and second-order injection that arise when LLM output is treated as trusted. The model may produce malicious content through prompt injection or hallucination; downstream systems must sanitize it the same way they would sanitize raw user input.
innerHTML, dangerouslySetInnerHTML, v-html, server-side mark_safe) without sanitizationeval, exec, or a subprocess call with shell expansion enabledFlag the vulnerable code and explain the risk. Translate the principles below to the audited file's language, UI framework, and database driver — use that stack's documented escaping, sanitizer, and parameter-binding APIs.
For each finding, establish these properties:
injection skill.Confirm the response:
npx claudepluginhub thejefflarson/soundcheck --plugin soundcheckSanitizes LLM output before rendering HTML, executing code, or inserting into databases to prevent XSS, injection, and RCE attacks.
Detects direct and indirect prompt injection in LLM applications. Flags user input or retrieved documents that could hijack model instructions, and enforces trust-tier separation, input screening, and output validation.
Audit applications for AI prompt injection, agent security, and LLM permission boundary vulnerabilities. Use when securing AI features or agents.