API Security Testing Workflow

Trust Score 74/100

A step-by-step workflow for testing REST and GraphQL APIs, covering authentication, authorization, input validation, rate limiting, GraphQL checks, and error-ha

triggers:api securityapi testinggraphql securityauthentication testingauthorization testingapi fuzzingrate limit test

GitHub SKILL.md

What it does

This skill provides a structured API security testing workflow for REST and GraphQL services. It breaks testing into clear phases — discovery, authentication, authorization, input validation, rate limiting, GraphQL-specific checks, and error handling — and includes actionable prompts and checklists to guide automated or human-led testing. The workflow is designed for security engineers, bug bounty hunters, and automated agent pipelines that need repeatable, comprehensive API assessments.

When to use it

Use this skill when you need to validate the security posture of an API (public or internal), run bug-bounty style discovery, audit authentication and authorization logic, verify rate-limiting and brute-force protections, or evaluate GraphQL-specific attack surfaces. It is appropriate for pre-release security checks, incident investigations, and integration into agentic test runners.

What's included

Scripts: none bundled in the SKILL (procedural prompts and phase actions are included).
References: none listed in the SKILL, but the workflow invokes related skills (api-fuzzing-bug-bounty, scanning-tools, broken-authentication, idor-testing, sql-injection-testing).
Instructions: phase-by-phase actions, copy-paste prompts to call supporting skills, a security checklist, and defined quality gates for reporting and remediation.

Compatible agents

Intended for agentic platforms that can orchestrate workflow calls (Claude Code, Cursor, Codex CLI, Gemini CLI, and similar agent runtimes). It is language-agnostic and designed to be invoked as a procedural testing bundle.

Audit Summary

A multi-phase workflow skill for API security testing (REST + GraphQL) that references other skills like api-fuzzing-bug-bounty and broken-authentication. Well-organized with 7 clear phases and checklists, but contains no executable scripts — purely instructional. Limited standalone value since it delegates all actual work to other skills.

Watch Out

Purely a workflow/coordination skill — requires other referenced skills to be installed
No executable scripts included

Notes

Meta-skill that orchestrates other skills. Clean from a security perspective with no scripts to audit. Useful as a checklist but provides no direct tooling.

Information

Repository: antigravity-awesome-skills
Stars: 39,971
Installs: 0

Trust Score

Overall74

Security95

Code Quality55

Architecture52

Usefulness45

More from antigravity-awesome-skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

Angular Migration

Guides developers through migrating AngularJS (1.x) apps to modern Angular (2+), with hybrid ngUpgrade approaches, component/service conversions, DI strategies,

DOCX Official

Workflows and tools to create, edit, analyze, and convert .docx files safely and reproducibly, including tracked-change redlining and raw OOXML access.

Makepad Basics

Guides agents to create, structure, and bootstrap Rust Makepad applications using makepad-widgets (dev branch) with code patterns, macros, and event handling.

STRIDE Analysis Patterns

Apply the STRIDE threat-modeling methodology to systematically identify and document security threats during design, reviews, or audits.

Makepad Event & Action Handling

Guides handling of input, lifecycle, and widget actions in Makepad apps — events, hit testing, timers, and parent-child action flow.

Makepad Basics

Guides agents to generate and explain Rust Makepad apps: setup, live_design!, app_main!, widget wiring and common patterns for cross-platform GUI development.

Makepad Basics (Claude variant)

Agent skill for Makepad starter apps: generates Rust examples, explains live_design! patterns, and guides event handling and widget wiring for beginner projects

Claimable Postgres (pg.new)

Provision temporary Postgres databases (pg.new) instantly for demos, prototyping, and local development; returns a connection string and claim URL (72-hour expi

Related Skills

Bounty Hunter — Atlas

Persona skill: 'Atlas' — a profit-focused developer persona for discovering, evaluating and executing paid bounties or freelance tasks with ROI-aware workflows.

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

GraphQL Inspector — Validate

Validate GraphQL operations against a schema with configurable depth, complexity, alias and directive limits to catch errors before runtime.

Clerk Vue Patterns

Vue 3 integration patterns for Clerk: composables, router guards, and Pinia auth store integration.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Cognitive Accessibility Specialist

Audits content, forms and authentication flows for cognitive accessibility (WCAG 2.2 / COGA) and gives prioritized remediation and plain-language guidance.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

API Security Testing Workflow

What it does

When to use it

What's included

Compatible agents