burp-suite-web-application-testing

skills-sh:sickn33_antigravity-awesome-skills__burp-suite-web-application-testing

View source

70/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

70/100

HIGH 2

Findings (2)

HIGH

Path traversal attempt SUPPLY_009

supply-chain L301

Detects path traversal patterns targeting sensitive files, including URL-encoded variants

../../../etc/passwd

FIX

Pin Git dependencies to specific commit hashes instead of branch names or tags. Branches and tags are mutable and can be updated to point to malicious code.

FP?

Likely FP if the Git reference points to a tagged release of a well-known repository, though tags are technically mutable.

HIGH

Sensitive file read pattern EXFIL_002

exfiltration L305

Detects reads of sensitive system or credential files

cat /etc/passwd

FIX

Prevent the tool from reading environment variables and sending them to external endpoints. If env access is needed, restrict it to specific variable names via an allowlist.

FP?

Likely FP if the match is documentation about how to configure environment variables, not code that reads and transmits them.