Don't Click This
A security research demonstration showcasing stored XSS vulnerabilities via SVG files in skill documentation. Illustrates how malicious skills could steal session tokens, authentication cookies, and impersonate users on the platform.
🚀 This is a security awareness demonstration that highlights a critical vulnerability in skill platforms. It shows how attackers can use malicious links embedded in skill documentation to steal your session tokens, cookies, and authentication credentials through stored XSS attacks via SVG files.
💡 Use this as an educational tool to understand real security risks when interacting with third-party skills and content online. It's a practical reminder to always verify links before clicking, especially while logged into important accounts, and to be cautious about which skills you trust.
✨ This research by @theonejvo demonstrates why security vigilance matters—even a simple click can compromise your account if you're not careful about the sources you interact with.
Requirements
No additional requirements.