API Security Testing Workflow

Trust Score 77/100

Structured workflow for testing REST and GraphQL API security: authentication, authorization, input validation, rate limiting, and common API vulnerabilities.

triggers:api securitytest apigraphql securityauthentication testingauthorization testingapi fuzzingrate limitingbug bounty

GitHub SKILL.md

What it does

Provides a step-by-step API security testing workflow that guides an agent through discovery, authentication and authorization checks, input validation and injection testing, rate-limiting checks, GraphQL-specific tests, and error-handling review. The skill sequences concrete actions, suggested sub-skills, and copy-paste prompts so an agent can run systematic tests and produce a replicable report.

When to use it

Use this skill when assessing the security posture of REST or GraphQL endpoints: during security reviews, bug bounty triage, pre-release audits, or when investigating suspicious API behavior. It's designed for scenarios where an organized checklist and phased approach reduce missed vectors.

What's included

Scripts: none in this SKILL (has_scripts=false)
References: none embedded (has_references=false)
Instructions: phased workflow covering API discovery, authentication testing (API keys, JWT, OAuth2), authorization checks (IDOR, role enforcement), input validation (SQL/NoSQL/command injection), rate limiting tests, GraphQL introspection and complexity checks, and error-handling verification. Copy-paste prompts are provided for invoking companion skills.

Compatible agents

Intended for agent runtimes that support skill orchestration and sub-skill invocation (Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity-style bundles).

Audit Summary

A structured workflow skill for API security testing covering REST and GraphQL endpoints. No bundled scripts — it's purely instructional, referencing other skills like api-fuzzing-bug-bounty and broken-authentication. The SKILL.md is well-organized into 7 phases with checklists, but each phase is shallow: just action lists and copy-paste prompts rather than actionable instructions.

Watch Out

Purely a meta-workflow that references other skills — doesn't execute anything on its own
No scripts to validate or test

Notes

Safe skill — no security concerns. Essentially a well-structured checklist/meta-workflow. Limited standalone value since it depends entirely on invoking other skills. Architecture is decent but lacks scripts/references directories and has no output contracts.

Information

Repository: antigravity-awesome-skills
Stars: 41,242
Installs: 0

Trust Score

Overall77

Security98

Code Quality58

Architecture55

Usefulness45

More from antigravity-awesome-skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

Angular Migration

Guides developers through migrating AngularJS (1.x) apps to modern Angular (2+), with hybrid ngUpgrade approaches, component/service conversions, DI strategies,

DOCX Official

Workflows and tools to create, edit, analyze, and convert .docx files safely and reproducibly, including tracked-change redlining and raw OOXML access.

Makepad Basics

Guides agents to create, structure, and bootstrap Rust Makepad applications using makepad-widgets (dev branch) with code patterns, macros, and event handling.

STRIDE Analysis Patterns

Apply the STRIDE threat-modeling methodology to systematically identify and document security threats during design, reviews, or audits.

Makepad Event & Action Handling

Guides handling of input, lifecycle, and widget actions in Makepad apps — events, hit testing, timers, and parent-child action flow.

Makepad Basics

Guides agents to generate and explain Rust Makepad apps: setup, live_design!, app_main!, widget wiring and common patterns for cross-platform GUI development.

Makepad Basics (Claude variant)

Agent skill for Makepad starter apps: generates Rust examples, explains live_design! patterns, and guides event handling and widget wiring for beginner projects

Claimable Postgres (pg.new)

Provision temporary Postgres databases (pg.new) instantly for demos, prototyping, and local development; returns a connection string and claim URL (72-hour expi

Related Skills

Development Worktree

Create an isolated git worktree for feature work, auto-run project setup, and verify a clean test baseline before development.

ds-fix — data-science mid-analysis fixer

Orchestrates diagnosis and targeted fixes mid-analysis: diagnose root cause, apply fixes with output-first verification, and update project learnings.

Bounty Hunter — Atlas

Persona skill: 'Atlas' — a profit-focused developer persona for discovering, evaluating and executing paid bounties or freelance tasks with ROI-aware workflows.

TradeOS

Natural-language driven CEX trading and portfolio management for agents: API key vaulting, multi-exchange orders, DCA, arbitrage scanning, alerts and security r

Full Stack Builder

End-to-end builder that scaffolds, implements, tests, and optionally deploys web and API applications from a natural-language specification.

ezBookkeeping API Tools

Command-line API tools for ezBookkeeping: record and query transactions, retrieve accounts/categories/tags, and fetch exchange rates for self-hosted personal fi

Claw Bench

Benchmarking skill that guides an agent through a structured suite of capability tests and reporting steps for leaderboard submission.

Java 25 & Spring Boot 4 Code Reviewer

Run focused, evidence-based code reviews for Java 25 and Spring Boot 4 projects — migration risks, architecture boundaries, null-safety (JSpecify), security, an

API Security Testing Workflow

What it does

When to use it

What's included

Compatible agents