analyzing-taint-flow
Tracks untrusted input propagation from sources to sinks in binary code to identify injection vulnerabilities. Use when analyzing data flow, tracing user input to dangerous functions, or detecting command/SQL injection.
Best use case
analyzing-taint-flow is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using analyzing-taint-flow should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/analyzing-taint-flow/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How analyzing-taint-flow Compares
| Feature / Agent | analyzing-taint-flow | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Tracks untrusted input propagation from sources to sinks in binary code to identify injection vulnerabilities. Use when analyzing data flow, tracing user input to dangerous functions, or detecting command/SQL injection.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Taint Analysis

## Detection Workflow

1. **Identify sources**: Find recv, read, getenv, fgets, scanf, argv (input functions)
2. **Identify sinks**: Find system, popen, strcpy, sprintf, execve, malloc (dangerous functions)
3. **Find taint paths**: Use `xrefs_to` to trace from sources to sinks
4. **Analyze sanitization**: Check for input validation, length checks, character filtering, encoding/escaping
5. **Assess risk**: Determine reachability, check if attacker controls critical parts, evaluate exploitability

## Key Patterns

- Direct command injection: recv() -> buffer -> sprintf(cmd, "echo %s", buffer) -> system(cmd)
- Path traversal: fgets() -> filename -> fopen(filename, "r")
- Buffer overflow via tainted size: recv() -> size_buffer -> atoi(size_buffer) -> malloc(size)

## Output Format

Report taint paths with: source (function, address, context), sink (function, address, context), path (list of functions), sanitizers_found, is_vulnerable, confidence, vulnerability_type.

## Severity Guidelines

- **CRITICAL**: Direct injection with no sanitization (command injection, SQL injection)
- **HIGH**: Path traversal, buffer overflow via tainted size
- **MEDIUM**: Potential injection with partial sanitization
- **LOW**: Tainted data with limited impact

## See Also

- `patterns.md` - Detailed detection patterns and exploitation scenarios
- `examples.md` - Example analysis cases and code samples
- `references.md` - CWE references and mitigation strategies
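The workflow, output format and severity guidelines above can be exercised on a small data-flow graph. The following is an added example, not part of the skill's own files: the graph is constructed to mirror the three key patterns, sprintf is treated as a propagator as in the first pattern, `validate_path` is a hypothetical sanitizer, the `vulnerability_type` labels and the `is_vulnerable`/`confidence` rule are assumptions, and address/context fields are omitted because no real binary is involved.

```python
from collections import deque

SOURCES = {"recv", "read", "getenv", "fgets", "scanf", "argv"}
# Sinks from the key patterns, mapped to assumed vulnerability_type labels.
SINKS = {"system": "command_injection", "popen": "command_injection",
         "execve": "command_injection", "fopen": "path_traversal",
         "malloc": "buffer_overflow_tainted_size"}
SANITIZERS = {"validate_path"}  # hypothetical sanitizer name, for illustration

# Constructed data-flow edges (producer -> consumers), of the kind an analyst
# recovers by following cross-references; not taken from a real binary.
FLOW = {
    "recv": ["buffer", "size_buffer"],
    "buffer": ["sprintf"], "sprintf": ["cmd"], "cmd": ["system"],
    "size_buffer": ["atoi"], "atoi": ["size"], "size": ["malloc"],
    "fgets": ["filename"], "filename": ["fopen"],
    "getenv": ["cfg_path"], "cfg_path": ["validate_path"],
    "validate_path": ["fopen"],
}

def severity(vuln_type, sanitizers):
    """Apply the severity guidelines above to one taint path."""
    if sanitizers:
        return "MEDIUM"    # potential injection with partial sanitization
    if vuln_type == "command_injection":
        return "CRITICAL"  # direct injection with no sanitization
    return "HIGH"          # path traversal, overflow via tainted size

def taint_paths(flow):
    """Breadth-first search from each source; one report per reached sink."""
    reports = []
    for src in sorted(SOURCES.intersection(flow)):
        queue, seen = deque([[src]]), {src}
        while queue:
            path = queue.popleft()
            node = path[-1]
            if node in SINKS:
                found = [n for n in path if n in SANITIZERS]
                reports.append({
                    "source": src, "sink": node, "path": path,
                    "sanitizers_found": found,
                    # Assumption: a sanitizer on the path needs manual review.
                    "is_vulnerable": None if found else True,
                    "confidence": "low" if found else "high",
                    "vulnerability_type": SINKS[node],
                    "severity": severity(SINKS[node], found)})
                continue
            for nxt in flow.get(node, []):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return reports
```

Calling `taint_paths(FLOW)` returns four reports: the recv-to-system path as CRITICAL, the recv-to-malloc and fgets-to-fopen paths as HIGH, and the getenv-to-fopen path as MEDIUM because a sanitizer sits on it.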