
from antigravity-awesome-skills 36,971
Guided workflow for testing REST and GraphQL APIs: authentication, authorization, input validation, rate limiting, error handling, and common API vulnerabilitie
This skill provides a structured, phased workflow for assessing API security across REST and GraphQL endpoints. It guides an agent through discovery, authentication and authorization checks, input-validation and injection tests, rate-limiting and abuse scenarios, GraphQL-specific checks (depth/complexity/introspection), and error-handling review. The workflow includes concrete actions, suggested sub-skills to invoke (fuzzing, IDOR checks, scanning), copy-paste prompts, and a checklist for quality gates and reporting.
Use this skill when performing security reviews, bug-bounty-style assessments, or automated API audits where the goal is to identify authentication/authorization flaws, injection vectors, misconfigured rate limits, or information disclosure in API responses. It is appropriate for both internal security engineers and red-team-style testing where permissions and safety boundaries are defined.
Inferred compatible agents: Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity-compatible agent runtimes (skill executed as an orchestration/workflow in agent environments).
API security testing workflow skill that provides a phased checklist for REST/GraphQL security testing. No bundled scripts; purely instructional markdown. The skill delegates all actual work to other referenced skills (api-fuzzing-bug-bounty, broken-authentication, etc.), making it a meta-workflow rather than a standalone tool. Checklist items are generic and lack concrete methodology or tool-specific guidance.
Safe skill: no security concerns. The main issue is that it adds little standalone value beyond being a structured checklist. There is no guarantee that the external skills it references (@api-fuzzing-bug-bounty, @idor-testing, etc.) exist or are compatible.