Provide a comprehensive, structured reference for the 100 most critical web application vulnerabilities, organized by category. This skill enables systematic vulnerability identification, impact assessment, and remediation guidance across the full spectrum of web security threats. Content is organized into 15 major vulnerability categories aligned with industry standards and real-world attack patterns.
Restart Cursor to activate top-100-web-vulnerabilities-reference. Access via /top-100-web-vulnerabilities-reference in your agent's command palette.
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Prerequisites
Basic understanding of web application architecture (client-server model, HTTP protocol)
Familiarity with common web technologies (HTML, JavaScript, SQL, XML, APIs)
Understanding of authentication and authorization concepts
Access to web application security testing tools (Burp Suite, OWASP ZAP)
Knowledge of secure coding principles recommended
Outputs and Deliverables
Complete vulnerability catalog with definitions, root causes, impacts, and mitigations
Category-based vulnerability groupings for systematic assessment
Quick reference for security testing and remediation
Foundation for vulnerability assessment checklists and security policies
Core Workflow
Phase 1: Injection Vulnerabilities Assessment
Evaluate injection attack vectors targeting data processing components:
SQL Injection (1)
Definition: Malicious SQL code inserted into input fields to manipulate database queries
Root Cause: Lack of input validation, improper use of parameterized queries
Impact: Unauthorized data access, data manipulation, database compromise
Mitigation: Use parameterized queries/prepared statements, input validation, least privilege database accounts
Cross-Site Scripting - XSS (2)
Definition: Injection of malicious scripts into web pages viewed by other users
Root Cause: Insufficient output encoding, lack of input sanitization
top-100-web-vulnerabilities-reference has been reliable in day-to-day use. Documentation quality is above average for community skills.
Chen Abebe, Dec 28, 2024
Useful defaults in top-100-web-vulnerabilities-reference — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
Liam Park, Dec 8, 2024
We added top-100-web-vulnerabilities-reference from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
Ganesh Mohane, Dec 4, 2024
Useful defaults in top-100-web-vulnerabilities-reference — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
Liam Shah, Nov 27, 2024
Registry listing for top-100-web-vulnerabilities-reference matched our evaluation — installs cleanly and behaves as described in the markdown.
Charlotte Wang, Nov 27, 2024
Solid pick for teams standardizing on skills: top-100-web-vulnerabilities-reference is focused, and the summary matches what you get after install.
Sakshi Patil, Nov 23, 2024
top-100-web-vulnerabilities-reference is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Charlotte Li, Nov 19, 2024
top-100-web-vulnerabilities-reference fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
Liam Wang, Nov 19, 2024
top-100-web-vulnerabilities-reference is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Liam Tandon, Oct 18, 2024
top-100-web-vulnerabilities-reference reduced setup friction for our internal harness; good balance of opinion and flexibility.