Cross-Site Scripting and HTML Injection Testing
Audited by Socket on Feb 16, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

This is a technically accurate and comprehensive XSS/HTML injection testing guide that correctly identifies sources, sinks, payloads, and remediation. However, it contains many operational, ready-to-run exfiltration examples and explicit attacker-hosted endpoints plus social-engineering delivery instructions that significantly increase misuse risk if distributed publicly. It should be retained only in controlled, authorized environments after sanitizing exfiltration endpoints to placeholders, adding stronger procedural guardrails, and providing safe test endpoints and audit requirements.

LLM verification: This skill contains direct, actionable exploit payloads and delivery techniques for credential theft, keylogging, session hijacking, and phishing using XSS/HTML injection. While the stated purpose is security testing, the provided examples and hard-coded attacker endpoints demonstrate explicit malicious data-exfiltration flows and social-engineering methods. Without strong access controls, test-only sanitization, or safer PoC practices (e.g., use of inert/non-routable endpoints or locally hosted