
api-fuzzing-bug-bounty

Provide comprehensive techniques for testing REST, SOAP, and GraphQL APIs during bug bounty hunting and penetration testing engagements. Covers vulnerability discovery, authentication bypass, IDOR exploitation, and API-specific attack vectors.

78

Quality: 73% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Critical (Do not install without reviewing)

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/antigravity-api-fuzzing-bug-bounty/SKILL.md

Quality

Discovery: 82%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong description with excellent specificity and trigger term coverage for its security testing niche. It clearly lists concrete capabilities and uses natural terminology that security professionals would employ. The main weakness is the absence of an explicit 'Use when...' clause, which caps the completeness score.

Suggestions

Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about API security testing, API pentesting, bug bounty API targets, or exploiting API vulnerabilities.'

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: testing REST/SOAP/GraphQL APIs, vulnerability discovery, authentication bypass, IDOR exploitation, and API-specific attack vectors. These are concrete, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers 'what does this do' with specific techniques and API types, but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The when is only implied through context (bug bounty, pentesting engagements). | 2 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'REST', 'SOAP', 'GraphQL', 'API', 'bug bounty', 'penetration testing', 'authentication bypass', 'IDOR'. These cover common terms a security professional would use when seeking this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche: API security testing in bug bounty/pentest contexts. The combination of specific API types (REST, SOAP, GraphQL) and specific attack vectors (IDOR, auth bypass) makes it unlikely to conflict with general coding or generic security skills. | 3 / 3 |

Total: 11 / 12 (Passed)

Implementation: 64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a comprehensive API security testing reference with strong actionability—nearly every technique includes concrete payloads and commands. However, it suffers from being a monolithic wall of content that could benefit from splitting into focused sub-files, and the workflow lacks validation/verification checkpoints critical for security testing (e.g., confirming a vulnerability is real before documenting it). Some redundancy exists between the checklist and quick reference tables.

Suggestions

Add validation checkpoints to the workflow, such as 'Confirm the vulnerability by comparing authorized vs unauthorized responses' after IDOR testing, and 'Verify injection impact before escalating' after injection testing.

Split the content into sub-files: move GraphQL-specific testing to GRAPHQL.md, tools reference to TOOLS.md, and bypass techniques to BYPASSES.md, with clear links from the main skill.

Remove the redundant 'Common API Vulnerabilities Checklist' table since the 'Quick Reference' table covers similar ground more concisely, or merge them into a single reference.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is quite long and includes some unnecessary framing (e.g., 'API Types Overview' table, 'Purpose' section restating the description, 'When to Use' boilerplate). The vulnerability checklist and quick reference tables are somewhat redundant with each other. However, most payload examples are dense and useful, not padded with explanations of basic concepts. | 2 / 3 |
| Actionability | The skill provides concrete, copy-paste-ready payloads, specific endpoint paths to test, exact curl commands, GraphQL queries, JSON injection patterns, and bypass techniques. Nearly every section contains executable examples rather than abstract descriptions. | 3 / 3 |
| Workflow Clarity | The 5-step workflow provides a reasonable sequence (recon → auth → IDOR → injection → methods), but lacks validation checkpoints between steps. There are no feedback loops for verifying findings, no guidance on confirming true positives vs false positives, and no explicit verification steps after exploitation attempts—important for security testing where false positives are common. | 2 / 3 |
| Progressive Disclosure | The content is essentially a monolithic document with everything inline. While it uses tables and headers for organization, the extensive tools reference, GraphQL-specific testing, and output exploitation sections could be split into separate files. No references to external detail files are provided despite the document being very long (~300+ lines). | 2 / 3 |

Total: 9 / 12 (Passed)

Validation: 90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation for skill structure: 10 / 11 Passed

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 10 / 11 (Passed)

Repository: boisenoise/skills-collections (Reviewed)
