‹ 首页

markdown-injection-scanner

@tranhieutt · 收录于 1 周前

Scans Markdown (.md) files for malicious code injection including XSS, prompt injection, script injection, obfuscated payloads, and supply chain attack vectors. Use when auditing .md files for security threats or when the user mentions scanning markdown for malicious content.

适合你,如果需要审计 Markdown 文件中的安全威胁

/ 下载安装
markdown-injection-scanner.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add tranhieutt/software_development_department/markdown-injection-scanner
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- tranhieutt/software_development_department/markdown-injection-scanner
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify tranhieutt/software_development_department/markdown-injection-scanner
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
68GitHub stars
~2.2K最小装载
~2.2K含声明引用
~2.3K文本包总量
镜像托管

怎么用

技能原文 SKILL.md作者撰写 · MIT · e5ba809

Markdown Injection Scanner

Scans all .md files in a target directory for 18 categories of malicious code injection. Uses regex pattern matching across the entire file corpus with parallel subagent execution for speed.

Usage
/markdown-injection-scanner [target-directory]

If no directory is specified, ask the user to provide one.


Phase 1: Discovery — Map the File Corpus
  1. Count all .md files in target directory (recursive).
  1. Sample 2-3 files to understand the file structure and content type (design docs, documentation, config, etc.).
  1. Report file count and content type before proceeding.

Phase 2: Parallel Injection Scanning

Execute scans in 3 parallel batches using subagents for speed. Each subagent uses search_files with the target directory path and *.md file pattern.

Batch 1 — Script and Code Injection (5 patterns)

| # | Category | Regex Pattern | Threat | |---|----------|---------------|--------| | 1 | Script tags | <script[^>]*> | Embedded JavaScript execution | | 2 | HTML Event Handlers | (onclick\|onerror\|onload\|onmouseover\|onfocus\|onblur\|onresize\|onsubmit\|onchange\|oninput\|onkeydown\|onkeyup\|onkeypress\|ontouchstart\|onmouseenter\|onmouseleave)\s*= | Inline JS via HTML attributes | | 3 | JS/VBScript Protocol | (javascript:\|vbscript:) | Malicious link protocols | | 4 | Dynamic Code Execution | (eval\s*\(\|Function\s*\(\|setTimeout\s*\(\|setInterval\s*\() | Code execution via eval/setTimeout | | 5 | DOM Manipulation | (document\.(cookie\|domain\|write)\|window\.(location\|open)\|XMLHttpRequest\|fetch\s*\() | DOM-based attacks |

Batch 2 — Obfuscation and Encoding (6 patterns)

| # | Category | Regex Pattern | Threat | |---|----------|---------------|--------| | 6 | Base64 Payloads | (base64\|atob\|btoa\|b64decode\|b64encode)[\s(] | Encoded malicious content | | 7 | Data URI Injection | data:\s*(text/html\|application/javascript\|text/javascript) | Inline HTML/JS via data URIs | | 8 | SVG Injection | <svg[^>]*> | SVG-based XSS vectors | | 9 | Hex/Unicode Encoding | (\\x[0-9a-fA-F]{2}\|\\u[0-9a-fA-F]{4}\|&#x[0-9a-fA-F]+;) | Obfuscated character encoding | | 10 | Hidden Text — display:none | <(span\|div\|p)[^>]*style\s*=\s*['"][^'"]*display\s*:\s*none | Hidden content tricks | | 11 | Hidden Text — font-size:0 | font-size\s*:\s*0 | Invisible text |

Batch 3 — Injection Vectors (7 patterns)

| # | Category | Regex Pattern | Threat | |---|----------|---------------|--------| | 12 | HTML Tag Injection | <(iframe\|embed\|object\|link\|meta\|form\|input\|textarea\|button)[\s>] | Injected HTML elements | | 13 | Suspicious Markdown Links | \[.*?\]\(data: then \[.*?\]\(javascript: then \[.*?\]\(vbscript: | Malicious link targets | | 14 | Prompt Injection (NL) | (?i)(ignore\s+(all\s+)?previous\s+instructions\|you\s+are\s+now\|forget\s+(all\s+)?previous\|system\s*:\s*you\s+are\|disregard\s+(all\s+)?prior\|override\s+(all\s+)?instructions\|new\s+instructions?:\|IMPORTANT:.*ignore\|do\s+not\s+follow) | AI/LLM prompt hijacking | | 15 | Prompt Injection (Token) | (?i)(\[INST\]\|\[\/INST\]\|<\|im_start\|>\|<\|im_end\|>\|<\|system\|>\|<\|user\|>\|<\|assistant\|>\|Human:\|Assistant:\|###\s*System\s*Prompt\|BEGIN\s+HIDDEN\|END\s+HIDDEN) | LLM token format injection | | 16 | Shell Command Injection | (curl\s+\|wget\s+\|bash\s+-c\|sh\s+-c\|powershell\|cmd\.exe\|/bin/sh\|/bin/bash\|rm\s+-rf\|chmod\s+777\|sudo\s+) | Shell command execution | | 17 | Executable File Links | (https?://[^\s)>\]]*\.(exe\|bat\|cmd\|ps1\|sh\|msi\|dll\|vbs\|wsf\|hta\|scr)) | Links to malicious executables | | 18 | Malware Keywords | (?i)(steganograph\|obfusc\|malware\|payload\|exploit\|backdoor\|trojan\|keylog\|ransom\|phish) | Direct malware references |

Subagent Prompt Templates

Use 3 subagents via use_subagents, each with prompts corresponding to their batch patterns above. Replace [TARGET_DIR] with the actual target directory.

Subagent 1 — Script and Code Injection:

Search for script and code injection patterns in .md files in "[TARGET_DIR]". Use search_files with these regex patterns on *.md files, one at a time:
1. `<script[^>]*>`
2. `(onclick|onerror|onload|onmouseover|onfocus|onblur|onresize|onsubmit|onchange|oninput|onkeydown|onkeyup|onkeypress|ontouchstart|onmouseenter|onmouseleave)\s*=`
3. `(javascript:|vbscript:)`
4. `(eval\s*\(|Function\s*\(|setTimeout\s*\(|setInterval\s*\()`
5. `(document\.(cookie|domain|write)|window\.(location|open)|XMLHttpRequest|fetch\s*\()`
Report all findings per pattern.

Subagent 2 — Obfuscation and Encoding:

Search for obfuscation and encoding patterns in .md files in "[TARGET_DIR]". Use search_files with these regex patterns on *.md files, one at a time:
1. `(base64|atob|btoa|b64decode|b64encode)[\s(]`
2. `data:\s*(text/html|application/javascript|text/javascript)`
3. `<svg[^>]*>`
4. `(\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}|&#x[0-9a-fA-F]+;)`
5. `<(span|div|p)[^>]*style\s*=\s*['"][^'"]*display\s*:\s*none`
6. `font-size\s*:\s*0`
Report all findings per pattern.

Subagent 3 — Injection Vectors:

Search for injection vectors in .md files in "[TARGET_DIR]". Use search_files with these regex patterns on *.md files, one at a time:
1. `<(iframe|embed|object|link|meta|form|input|textarea|button)[\s>]`
2. `\[.*?\]\(data:` then `\[.*?\]\(javascript:` then `\[.*?\]\(vbscript:`
3. `(?i)(ignore\s+(all\s+)?previous\s+instructions|you\s+are\s+now|forget\s+(all\s+)?previous|system\s*:\s*you\s+are|disregard\s+(all\s+)?prior|override\s+(all\s+)?instructions|new\s+instructions?:|IMPORTANT:.*ignore|do\s+not\s+follow)`
4. `(?i)(\[INST\]|\[\/INST\]|<\|im_start\|>|<\|im_end\|>|<\|system\|>|<\|user\|>|<\|assistant\|>|Human:|Assistant:|###\s*System\s*Prompt|BEGIN\s+HIDDEN|END\s+HIDDEN)`
5. `(curl\s+|wget\s+|bash\s+-c|sh\s+-c|powershell|cmd\.exe|/bin/sh|/bin/bash|rm\s+-rf|chmod\s+777|sudo\s+)`
6. `(https?://[^\s)>\]]*\.(exe|bat|cmd|ps1|sh|msi|dll|vbs|wsf|hta|scr))`
7. `(?i)(steganograph|obfusc|malware|payload|exploit|backdoor|trojan|keylog|ransom|phish)`
Report all findings per pattern.

Phase 3: Sample Review

If any patterns matched in Phase 2, read the flagged files to:

  1. Confirm the match is a true positive (not just a URL or benign text)
  2. Assess severity of the injection
  3. Identify the exact location and content

If zero patterns matched, skip to Phase 4.


Phase 4: Report Findings
Output Format
# Markdown Injection Scan Report — [TARGET_DIR]

## Summary
- **Files scanned:** [count]
- **Patterns checked:** 18
- **Threats found:** [count]
- **Verdict:** CLEAN | LOW RISK | MEDIUM RISK | HIGH RISK

## Results Matrix

| # | Category | Pattern | Matches | Severity |
|---|----------|---------|---------|----------|
| 1 | Script tags | <script> | 0 | — |
| ... | ... | ... | ... | ... |

## Detailed Findings (if any)

| Severity | Category | File:Line | Content | Remediation |
|----------|----------|-----------|---------|-------------|
| P0/P1/P2/P3 | ... | ... | ... | ... |

## Sample File Review
- Files reviewed: [list]
- Structure: [description]
- Suspicious content: [none / details]
Severity Guide
  • P0 Critical: Active script tags, eval(), javascript: protocol in links, command injection
  • P1 High: Prompt injection, SVG injection, data URI injection, HTML event handlers
  • P2 Medium: Base64 payloads, suspicious URLs, obfuscated content
  • P3 Low/Info: Malware keywords in text, hidden HTML elements

Phase 5: Save Report

Ask user permission before saving:

"May I write the report to docs/security/markdown-injection-scan-{YYYY-MM-DD}.md?"

Protocol
  • Question: Reads target directory from argument
  • Options: Skip — proceed directly if directory is provided
  • Decision: Run all 18 patterns via 3 parallel subagents
  • Draft: Results matrix shown in conversation before saving
  • Approval: Ask before writing report file
Related Skills
  • security-audit — comprehensive OWASP/infrastructure security audit for codebases
  • code-review — code-level review with security considerations
  • guard — freeze check before deploying security fixes
按 MIT 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。