sast-graphql
utkusen · Development
Detect GraphQL injection vulnerabilities in a codebase using a three-phase approach: recon (confirm that GraphQL is in use and locate the sites where operation documents are assembled unsafely), batched verify (trace user input to those sites in parallel subagents, up to 3 candidate sites each), and merge (consolidate the batch results). Requires sast/architecture.md (run sast-analysis first). Writes findings to sast/graphql-results.md. If Phase 1 finds no GraphQL technology, the later phases are skipped. Use when asked to find GraphQL injection, unsafe GraphQL document construction, or operation string injection bugs.
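The following is an added illustration, not code from the sast-graphql skill or its repository. It shows the bug class the skill hunts for: an "unsafe operation document assembly site" where user input is spliced into the GraphQL operation string, a constructed payload that widens the selection set through that site, and the standard fix of keeping the document constant and passing input through `variables`. The `find_unsafe_assembly_sites` regexes are a hypothetical recon heuristic written for this example (the skill's own detection logic is not described on this page), and `SAMPLE_SOURCE` and `PAYLOAD` are constructed inputs.

```python
# Added example (not part of the sast-graphql skill): unsafe GraphQL document
# assembly, a constructed payload showing why it matters, and the fix.
import json
import re

# Hypothetical recon heuristic: a line that both looks like a GraphQL document
# and combines a string literal with runtime values. Constructed for this
# example, not the skill's detection logic; expect false positives on real code.
GRAPHQL_SHAPE = re.compile(r"\b(query|mutation|subscription)\b|\{\s*\w+\s*\(")
RUNTIME_ASSEMBLY = re.compile(r"\+\s*\w|\bf['\"]|\.format\(|%\s*\(|\$\{")


def find_unsafe_assembly_sites(source: str) -> list[int]:
    """Return 1-based line numbers of candidate document assembly sites."""
    return [
        lineno
        for lineno, line in enumerate(source.splitlines(), start=1)
        if GRAPHQL_SHAPE.search(line) and RUNTIME_ASSEMBLY.search(line)
    ]


# Constructed snippet of application source (JavaScript) to scan. Lines 1 and 2
# build the document from runtime values; lines 3 and 4 use a constant document
# with a variables map and should not be flagged.
SAMPLE_SOURCE = '''\
const q1 = `{ user(name: "${req.query.name}") { id } }`;
const q2 = "mutation { login(user: \\"" + user + "\\") { token } }";
const q3 = "query GetUser($name: String!) { user(name: $name) { id } }";
client.request(q3, { name: req.query.name });
'''


def build_query_unsafe(name: str) -> str:
    """Vulnerable: user input is spliced into the operation document itself."""
    return '{ user(name: "' + name + '") { id name } }'


def build_query_safe(name: str) -> dict:
    """Hardened: the document is a constant; user input travels only in the
    `variables` map, where the transport (JSON) escapes it as a plain string."""
    return {
        "query": "query GetUser($name: String!) { user(name: $name) { id name } }",
        "variables": {"name": name},
    }


# Constructed payload: closes the argument string, adds a field the caller never
# selected, then aliases a second selection so the rest of the template parses.
PAYLOAD = 'alice") { id passwordHash } x: user(name: "bob'


def injected_field_present(document: str, field: str = "passwordHash") -> bool:
    """True if the operation document selects a field the template did not."""
    return re.search(r"\b" + re.escape(field) + r"\b", document) is not None


if __name__ == "__main__":
    print("recon hits (line numbers):", find_unsafe_assembly_sites(SAMPLE_SOURCE))
    print("unsafe document:", build_query_unsafe(PAYLOAD))
    print("safe request body:", json.dumps(build_query_safe(PAYLOAD)))
```

Run it and the unsafe document comes back as `{ user(name: "alice") { id passwordHash } x: user(name: "bob") { id name } }`, a syntactically valid operation that reads a field the application never intended to expose, while the safe variant's `query` string is identical for every input and the payload is confined to `variables`. A verify phase like the one the skill describes is essentially the second half of this: for each flagged site, confirm that the spliced value is actually reachable from user input rather than a server-side constant.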
npx skills add https://github.com/utkusen/sast-skills --skill sast-graphql
661 stars · 0 installs