Harness-engineering security-deserialization-attacks

name: security-deserialization-attacks

install

source · Clone the upstream repo

git clone https://github.com/Intense-Visions/harness-engineering

manifest: agents/skills/codex/security-deserialization-attacks/skill.yaml

source content

name: security-deserialization-attacks version: '1.0.0' description: Insecure deserialization vulnerabilities -- gadget chains, object injection, and why accepting serialized objects from untrusted sources is inherently dangerous stability: static cognitive_mode: advisory-guide type: knowledge tier: 3 triggers:

manual platforms:
claude-code
gemini-cli
cursor
codex tools: [] paths: [] related_skills:
security-injection-families
security-memory-safety
owasp-injection-prevention stack_signals: [] keywords:
deserialization
insecure deserialization
gadget chain
object injection
Java serialization
pickle
PHP unserialize
YAML deserialization
remote code execution
RCE metadata: author: community state: persistent: false files: [] depends_on: []