break-filter-js-from-html
Audited by Socket on Feb 15, 2026
1 alert found:
Anomaly [Skill Scanner] Skill instructions include directives to hide actions from user

This document is a detailed, practical XSS filter-evasion guide appropriate for authorized security testing and CTFs but also clearly dual-use. It contains no embedded malware, obfuscation, or credential harvesting, and does not itself perform network exfiltration. However, because it provides actionable techniques and example commands without access controls or usage safeguards, it represents a non-trivial security risk if redistributed or applied against production targets without authorization. Recommend restricting distribution to authorized testers, adding legal/ethical usage statements, and avoiding bundling verbatim in widely distributed packages.

LLM verification: The document is a comprehensive, actionable guide for bypassing HTML sanitization filters. It does not contain code-level malware, obfuscated payload delivery, or direct exfiltration mechanisms in the provided text. However, it is inherently dual-use: the techniques described can be abused to discover and exploit XSS in production systems. Recommend restricting distribution to authorized testers, adding ethical/legal disclaimers, and auditing any accompanying executable scripts or harnesses for