Cross-Site Scripting and HTML Injection Testing

Warn

Audited by Socket on Feb 19, 2026

1 alert found:

Security: MEDIUM
File: SKILL.md

[Skill Scanner] Backtick command substitution detected

This skill is a dual-use, high-risk penetration-testing playbook for XSS and HTML injection. Purpose and many capabilities align with legitimate security testing, but the presence of explicit cookie/localStorage exfiltration payloads, attacker-controlled endpoints, phishing form templates, and distribution tactics makes the content dangerous if misused or publicly accessible without strict controls. Treat as Suspicious/Dangerous: acceptable for use only in controlled, authorized red-team engagements with strict access controls; avoid publishing or installing in automated agents that have network or action permissions.

LLM verification: This skill contains direct, actionable exploit payloads and delivery techniques for credential theft, keylogging, session hijacking, and phishing using XSS/HTML injection. While the stated purpose is security testing, the provided examples and hard-coded attacker endpoints demonstrate explicit malicious data-exfiltration flows and social-engineering methods. Without strong access controls, test-only sanitization, or safer PoC practices (e.g., use of inert/non-routable endpoints or locally hosted

Confidence: 80%
Severity: 90%
Audit Metadata
Analyzed At
Feb 19, 2026, 06:41 PM
Package URL
pkg:socket/skills-sh/jpropato%2Fsiba%2Fcross-site-scripting-and-html-injection-testing%2F@973c9b13228d3c02d308b5c4bb77dd1f7da3e485