Skills
.Work. You
Rest

log-injection-anti-pattern

Community

Prevent log injection attacks.

Software Engineering#security#logging#sanitization#anti-pattern#log injection#cwe-117
Authorigbuend
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill prevents attackers from injecting malicious or misleading entries into your application logs by exploiting unsanitized user input, which can hide malicious activity or cause system misinterpretation.

Core Features & Use Cases

  • Detects unsanitized input in log messages: Identifies vulnerabilities where user-provided data is directly written to logs.
  • Provides secure logging practices: Demonstrates how to sanitize input or use structured logging to prevent injection.
  • Use Case: When reviewing code that handles user-submitted comments or system event data, this skill helps ensure that malicious strings like "\nINFO - System compromised" cannot be added to the logs.

Quick Start

Review the current code for any instances where user input is logged without proper sanitization.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: log-injection-anti-pattern
Download link: https://github.com/igbuend/grimbard/archive/main.zip#log-injection-anti-pattern

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.