What is a Trojan Source attack and why is it relevant to Hebrew code?

A Trojan Source attack uses Unicode bidirectional characters to hide malicious code. In code containing Hebrew and English the risk is higher because RTL characters already exist legitimately in the codebase.

Is it mandatory to register a database with the Privacy Protection Authority?

With Amendment 13 (August 2025), the requirement was narrowed mainly to public bodies and data brokers with 10,000+ records. Most private companies are exempt, but consult a legal advisor to confirm.

What is the risk of leaking Israeli payment gateway keys?

Keys for Cardcom, Tranzila, or PayMe enable credit card charges. A leak could result in unauthorized charges and PCI DSS liability.

Is the Israeli Privacy Protection Law similar to GDPR?

Basic principles are similar, but differences are significant: GDPR requires a DPO, detailed legal basis, and higher fines. Israeli law was updated in Amendment 13 (2025) which added mandatory DPO appointment for certain entities.

How do you protect Israeli payment forms from CSRF?

Use a unique CSRF token per form, verify the token server-side, and set SameSite=Strict on session cookies. Especially important for Cardcom and Tranzila payment forms.

Israeli AppSec Scanner

Verified96/100

Before deciding whether to install, talk to the skill

Security scanning guidance for Israeli web applications covering OWASP Top 10, Israeli Privacy Protection Authority (PPA) compliance, dependency vulnerability scanning, secrets detection, and secure coding patterns for Hebrew/RTL apps.

The Problem

Israeli developers build web applications without dedicated security scanning tools that account for the Israeli context: Hebrew input requiring special sanitization, Unicode bidirectional text attacks, Privacy Protection Law requirements, and leakage of Israeli service API keys. Without tailored scanning, vulnerabilities specific to Israeli applications remain undetected.

skills-il Security & Compliance|86installs385views

0Write a Review

1.1.0MITGitHub

86installs385views

0Write a Review

Updated: April 30, 2026|Tags:application-security vulnerability-scanning OWASP privacy cybersecurity israel

npx skills-il add skills-il/security-compliance@v1.1.0-israeli-appsec-scanner --skill israeli-appsec-scanner -a claude-code

Install on Claude.ai, Claude Desktop, ChatGPT, Manus, or other platforms

1. Click "Download ZIP" to download the skill files.
2. Open Claude Desktop and go to Customize > Skills.
3. Click "+" and select "Upload a skill", then upload the ZIP file.
4. Start a new conversation. The skill will activate automatically when relevant.

A new version released? How to update your installed skill

Not sure how? Read the guide

When to Apply

When you want to perform a comprehensive security scan on an Israeli application
When you need to verify compliance with the Privacy Protection Law and 2017 regulations
When you want to detect leaked API keys for Israeli services like Cardcom or Tranzila
When testing a Hebrew-input application against XSS and SQL injection attacks
When preparing an application for SOC 2 or PCI DSS audit

Try These Prompts

Full Security Scan

Run a full security scan of my application against OWASP Top 10 with focus on Hebrew input and RTL attacks

Secrets Leak Check

Scan my project for leaked API keys of Israeli services like Cardcom, Tranzila, and Supabase

Privacy Law Compliance Check

Check if my application complies with the Israeli Privacy Protection Law and 2017 security regulations

Trojan Source Protection

Scan my codebase for hidden Unicode bidirectional characters that could alter code logic

Frequently Asked Questions

Changelog

v1.1.0

Added OWASP Top 10 2025 cross-walk note (SSRF folded into A01, new A03 Supply Chain, new A10 Mishandling, A09 renamed to Security Logging and Alerting Failures). Trivy v0.69.4 supply-chain compromise warning. Expanded Amendment 13 breach-notification details (72h window, NIS 100K statutory damages, 100K-individual sensitive-data tier).

Apr 28, 2026

v1.0.2

Added Reference Links section (OWASP, PPA, INCD, Trivy, Snyk, TruffleHog). Fixed portability_score.

Apr 15, 2026

Related Skills

Pikud HaOref Safety Protocols

Verified·90

Author: skills-il

v1.1.0

Safety protocols per Home Front Command alert type. Covers missiles, hostile aircraft, earthquake, tsunami, hazardous materials, and terrorist infiltration. Includes regional response times, special population guidance, and post-alert exit procedures.

Ask the Skill

0.05142

Claude CodeCursorWindsurf+2

Israeli Cyber Regulations

Verified·90

Author: skills-il

v1.1.0PopularTrending

Israeli cybersecurity regulatory framework guidance covering INCD (Ma'arach HaSyber) national directives, Bank of Israel Directive 361 (cyber for financial institutions), Directive 357 (payment security), ISA requirements for TASE-listed companies, and sector-specific rules for fintech and healthtech. Use when user asks about cyber regulation Israel, INCD compliance, Bank of Israel directives, ISA cyber requirements, or sector cyber rules. Do NOT use for privacy law compliance (use israeli-privacy-compliance instead).

Ask the Skill

0.039311

Claude CodeCursorGitHub Copilot+5

Israeli E-Commerce Compliance

Verified·97

Author: skills-il

v1.2.0PopularTrending

Audit and ensure Israeli e-commerce legal compliance, Consumer Protection Law, return policies, price display, accessibility, and cookie consent. Use when user asks about "online store compliance Israel", "Chok Hagnat HaTzarchan", "consumer protection Israel", "return policy Israel", "IS 5568 ecommerce", "cookie consent Israel", or "חוק הגנת הצרכן". Covers cooling-off period validation, price display requirements, Hebrew terms of service generation, accessibility compliance (IS 5568), and business disclosure verification. Do NOT use for food-specific compliance (use israeli-food-business-compliance) or privacy/GDPR (use israeli-privacy-shield).

Ask the Skill

0.0192497

Claude CodeCursorGitHub Copilot+6

Found an issue with this skill?

Want to build your own skill? Try the Skill Creator · Submit a Skill

Reviews (0)

No reviews yet. Be the first to write one!

Israeli AppSec Scanner

Verified96/100

Before deciding whether to install, talk to the skill

The Problem

skills-il Security & Compliance|86installs385views

0Write a Review

1.1.0MITGitHub

86installs385views

0Write a Review

Updated: April 30, 2026|Tags:application-security vulnerability-scanning OWASP privacy cybersecurity israel

npx skills-il add skills-il/security-compliance@v1.1.0-israeli-appsec-scanner --skill israeli-appsec-scanner -a claude-code

Install on Claude.ai, Claude Desktop, ChatGPT, Manus, or other platforms

1. Click "Download ZIP" to download the skill files.
2. Open Claude Desktop and go to Customize > Skills.
3. Click "+" and select "Upload a skill", then upload the ZIP file.
4. Start a new conversation. The skill will activate automatically when relevant.

A new version released? How to update your installed skill

Not sure how? Read the guide

When to Apply

When you want to perform a comprehensive security scan on an Israeli application
When you need to verify compliance with the Privacy Protection Law and 2017 regulations
When you want to detect leaked API keys for Israeli services like Cardcom or Tranzila
When testing a Hebrew-input application against XSS and SQL injection attacks
When preparing an application for SOC 2 or PCI DSS audit

Try These Prompts

Full Security Scan

Run a full security scan of my application against OWASP Top 10 with focus on Hebrew input and RTL attacks

Secrets Leak Check

Scan my project for leaked API keys of Israeli services like Cardcom, Tranzila, and Supabase

Privacy Law Compliance Check

Check if my application complies with the Israeli Privacy Protection Law and 2017 security regulations

Trojan Source Protection

Scan my codebase for hidden Unicode bidirectional characters that could alter code logic

Frequently Asked Questions

Changelog

v1.1.0

Apr 28, 2026

v1.0.2

Added Reference Links section (OWASP, PPA, INCD, Trivy, Snyk, TruffleHog). Fixed portability_score.

Apr 15, 2026

Related Skills

Pikud HaOref Safety Protocols

Verified·90

Author: skills-il

v1.1.0

Ask the Skill

0.05142

Claude CodeCursorWindsurf+2

Israeli Cyber Regulations

Verified·90

Author: skills-il

v1.1.0PopularTrending

Ask the Skill

0.039311

Claude CodeCursorGitHub Copilot+5

Israeli E-Commerce Compliance

Verified·97

Author: skills-il

v1.2.0PopularTrending

Ask the Skill

0.0192497

Claude CodeCursorGitHub Copilot+6

Found an issue with this skill?

Want to build your own skill? Try the Skill Creator · Submit a Skill

Reviews (0)

No reviews yet. Be the first to write one!

Israeli AppSec Scanner

When to Apply

Try These Prompts

Developer & AI Agent Instructions

Security Analysis

Quality Score

Performance Data

Frequently Asked Questions

What is a Trojan Source attack and why is it relevant to Hebrew code?

What is a Trojan Source attack and why is it relevant to Hebrew code?

Is it mandatory to register a database with the Privacy Protection Authority?

Is it mandatory to register a database with the Privacy Protection Authority?

What is the risk of leaking Israeli payment gateway keys?

What is the risk of leaking Israeli payment gateway keys?

Is the Israeli Privacy Protection Law similar to GDPR?

Is the Israeli Privacy Protection Law similar to GDPR?

How do you protect Israeli payment forms from CSRF?

How do you protect Israeli payment forms from CSRF?

Changelog

Related Skills

Pikud HaOref Safety Protocols

Israeli Cyber Regulations

Israeli E-Commerce Compliance

Reviews (0)

Israeli AppSec Scanner

When to Apply

Try These Prompts

Developer & AI Agent Instructions

Security Analysis

Quality Score

Performance Data

Frequently Asked Questions

What is a Trojan Source attack and why is it relevant to Hebrew code?

What is a Trojan Source attack and why is it relevant to Hebrew code?

Is it mandatory to register a database with the Privacy Protection Authority?

Is it mandatory to register a database with the Privacy Protection Authority?

What is the risk of leaking Israeli payment gateway keys?

What is the risk of leaking Israeli payment gateway keys?

Is the Israeli Privacy Protection Law similar to GDPR?

Is the Israeli Privacy Protection Law similar to GDPR?

How do you protect Israeli payment forms from CSRF?

How do you protect Israeli payment forms from CSRF?

Changelog

Related Skills

Pikud HaOref Safety Protocols

Israeli Cyber Regulations

Israeli E-Commerce Compliance

Reviews (0)