How do I install security-testing?

Run `npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill security-testing` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does security-testing support?

security-testing works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is security-testing free to use?

Yes. security-testing is free to install and use. It is available from the open explainx.ai skill registry published by aj-geddes.

Where can I read ratings and reviews for security-testing?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

Testing

security-testing▌

aj-geddes/useful-ai-prompts · updated Apr 8, 2026

$npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill security-testing

0 commentsdiscussion

summary

Security testing identifies vulnerabilities, weaknesses, and threats in applications to ensure data protection, prevent unauthorized access, and maintain system integrity. It combines automated scanning (SAST, DAST) with manual penetration testing and code review.

skill.md

Security Testing

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

When to Use

Testing for OWASP Top 10 vulnerabilities
Scanning dependencies for known vulnerabilities
Testing authentication and authorization
Validating input sanitization
Testing API security
Checking for sensitive data exposure
Validating security headers
Testing session management

Quick Start

Minimal working example:

# security_scan.py
from zapv2 import ZAPv2
import time

class SecurityScanner:
    def __init__(self, target_url, api_key=None):
        self.zap = ZAPv2(apikey=api_key, proxies={
            'http': 'http://localhost:8080',
            'https': 'http://localhost:8080'
        })
        self.target = target_url

    def scan(self):
        """Run full security scan."""
        print(f"Scanning {self.target}...")

        # Spider the application
        print("Spidering...")
        scan_id = self.zap.spider.scan(self.target)
        while int(self.zap.spider.status(scan_id)) < 100:
            time.sleep(2)
            print(f"Spider progress: {self.zap.spider.status(scan_id)}%")

        # Active scan
        print("Running active scan...")
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
OWASP ZAP (DAST)	OWASP ZAP (DAST)
SQL Injection Testing	SQL Injection Testing
XSS Testing	XSS Testing
Authentication & Authorization Testing	Authentication & Authorization Testing
CSRF Protection Testing	CSRF Protection Testing
Dependency Vulnerability Scanning	Dependency Vulnerability Scanning
Security Headers Testing	Security Headers Testing
Secrets Detection	Secrets Detection

Best Practices

✅ DO

Run security scans in CI/CD
Test with real attack vectors
Scan dependencies regularly
Use security headers
Implement rate limiting
Validate and sanitize all input
Use parameterized queries
Test authentication/authorization thoroughly

❌ DON'T

Store secrets in code
Trust user input
Expose detailed error messages
Skip dependency updates
Use default credentials
Ignore security warnings
Test only happy paths
Commit sensitive data

Discussion

Product Hunt–style comments (not star reviews)

No comments yet — start the thread.

general reviews

Ratings

4.7★★★★★47 reviews

★★★★★Mia Sethi· Dec 28, 2024
Useful defaults in security-testing — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Benjamin Reddy· Dec 12, 2024
Keeps context tight: security-testing is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Pratham Ware· Dec 8, 2024
Solid pick for teams standardizing on skills: security-testing is focused, and the summary matches what you get after install.
★★★★★Yuki Sanchez· Dec 8, 2024
security-testing is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Maya Bansal· Nov 27, 2024
Useful defaults in security-testing — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Mia Choi· Nov 19, 2024
security-testing is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Hiroshi Desai· Nov 19, 2024
Solid pick for teams standardizing on skills: security-testing is focused, and the summary matches what you get after install.
★★★★★Mia Park· Nov 3, 2024
I recommend security-testing for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
★★★★★Lucas Sanchez· Oct 22, 2024
Useful defaults in security-testing — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Aditi Johnson· Oct 18, 2024
I recommend security-testing for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

showing 1-10 of 47

1 / 5