api-security-testing

API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.

56

1.10x

Quality: 33% (Does it follow best practices?)

Impact: 96%, 1.10x (average score across 3 eval scenarios)

Security by Snyk: Passed (no known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/antigravity-api-security-testing/SKILL.md

Evaluation results

89%

8%

Payment API Security Assessment Plan

Multi-phase security workflow structure

Criteria                          Without context   With context
7 phases present                  46%               53%
Phase 1 discovery actions         100%              100%
Phase 2 auth actions              60%               60%
Phase 3 authorization actions     100%              100%
Phase 4 injection types           50%               100%
Phase 5 rate limit actions        100%              100%
Phase 7 error handling actions    80%               100%
Security checklist items          100%              100%
Quality gate: remediation         100%              100%
Quality gate: report              100%              100%

Without context: $0.5538 · 3m 23s · 13 turns · 20 in / 11,829 out tokens

With context: $0.5024 · 2m 19s · 21 turns · 140 in / 7,564 out tokens

100%

17%

GraphQL API Security Review for HealthTrack Platform

GraphQL security testing phases

Criteria                                  Without context   With context
Introspection testing                     100%              100%
Query depth testing                       100%              100%
Query complexity testing                  100%              100%
Batch query testing                       100%              100%
Field suggestion testing                  0%                100%
Error message testing                     100%              100%
Information disclosure check              100%              100%
Logging verification                      30%               100%
Security checklist coverage               100%              100%
Quality gate: report and remediation      100%              100%

Without context: $0.4481 · 3m 10s · 12 turns · 19 in / 10,801 out tokens

With context: $0.5062 · 2m 45s · 19 turns · 55 in / 8,822 out tokens

100%

1%

API Security Vulnerability Assessment: ShopCore E-Commerce Backend

Auth/authorization vulnerability documentation

Criteria                                  Without context   With context
JWT expiration finding                    100%              100%
Hardcoded secret finding                  100%              100%
OAuth2/token validation coverage          85%               100%
Object-level authorization finding        100%              100%
Privilege escalation finding              100%              100%
Unauthorized admin access finding         100%              100%
SQL injection finding                     100%              100%
Information disclosure finding            100%              100%
Quality gate: remediation provided        100%              100%
Quality gate: report structure            100%              100%

Without context: $0.3321 · 1m 57s · 10 turns · 15 in / 7,322 out tokens

With context: $0.5887 · 2m 56s · 19 turns · 179 in / 10,985 out tokens

Repository: boisenoise/skills-collections

Evaluated with agent Claude Code, model Claude Sonnet 4.6
