# owasp-code-analysis > [STUB - Not implemented] OWASP Top 10 2021 vulnerability detection including injection, XSS, and security misconfiguration. PROACTIVELY activate for: [TODO: Define on implementation]. Triggers: [TODO: Define on implementation] - Author: Robin Mestre - Repository: robinmestre/skills-factory - Version: 20260201125424 - Stars: 0 - Forks: 0 - Last Updated: 2026-02-06 - Source: https://github.com/robinmestre/skills-factory - Web: https://mule.run/skillshub/@@robinmestre/skills-factory~owasp-code-analysis:20260201125424 --- --- name: owasp-code-analysis version: "0.1" description: > [STUB - Not implemented] OWASP Top 10 2021 vulnerability detection including injection, XSS, and security misconfiguration. PROACTIVELY activate for: [TODO: Define on implementation]. Triggers: [TODO: Define on implementation] core-integration: techniques: primary: ["[TODO]"] secondary: [] contracts: input: "[TODO]" output: "[TODO]" patterns: "[TODO]" rubrics: "[TODO]" --- # OWASP Code Analysis > **STUB: This skill is not yet implemented** > > This placeholder preserves the documented plugin structure. > See parent plugin README for planned capabilities. ## Planned Capabilities **OWASP Top 10 2021 Coverage**: | Rank | Category | Detection | |------|----------|-----------| | A01 | Broken Access Control | IDOR patterns, privilege checks | | A02 | Cryptographic Failures | Weak hashing, plaintext secrets | | A03 | Injection | SQL/NoSQL/Command injection, XSS | | A05 | Security Misconfiguration | Verbose errors, default credentials | | A06 | Vulnerable Components | CVE scanning in package.json/requirements.txt | | A07 | Authentication Failures | Weak session mgmt, missing MFA | | A08 | Data Integrity Failures | Insecure deserialization | | A09 | Security Logging Failures | Missing audit logs | | A10 | Server-Side Request Forgery | SSRF via URL params | ## Implementation Status - [ ] Core implementation - [ ] References documentation - [ ] Output templates - [ ] Integration tests