performing-security-testing

This skill automates security vulnerability testing. It is triggered when the user requests security assessments, penetration tests, or vulnerability scans. The skill covers OWASP Top 10 vulnerabilities, SQL injection, XSS, CSRF, authentication issues, and authorization flaws. Use this skill when the user mentions "security test", "vulnerability scan", "OWASP", "SQL injection", "XSS", "CSRF", "authentication", or "authorization" in the context of application or API testing.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill performing-security-testing

What are skills?

1.03x

Review — 60%

Does it follow best practices?

If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:

npx tessl skill review --optimize ./path/to/skill

Learn more

Evaluation — 93%

↑ 1.03x

Agent success when using this skill

Validation — 11 / 11 Passed

Validation for skill structure

SKILL.md

Review

Evals

Evaluation results

100%

Security Assessment for E-Commerce API

Security vulnerability report generation

Criteria

Without context

With context

OWASP Top 10 coverage

100%

SQL injection section

100%

XSS section

100%

CSRF section

100%

Authentication assessment

100%

Authorization assessment

100%

Severity ratings present

100%

Remediation steps present

100%

Scope defined

100%

Auth credentials referenced

100%

Without context: $0.3905 · 4m 50s · 10 turns · 11 in / 9,534 out tokens

With context: $0.7183 · 4m 29s · 25 turns · 22 in / 13,484 out tokens

100%

Automated Security Testing in a GitHub Actions Pipeline

CI/CD security integration and scheduling

Criteria

Without context

With context

Triggered on code changes

100%

Scheduled recurring runs

100%

OWASP coverage mentioned

100%

Injection/XSS/CSRF coverage

75%

100%

Auth/authz coverage

100%

Reporting tool integration

100%

Results pushed to reporting tool

100%

Fail on high severity

100%

Testing strategy documented

100%

Scope of testing defined

80%

100%

Without context: $0.4851 · 3m 38s · 20 turns · 20 in / 8,846 out tokens

With context: $0.5810 · 3m 37s · 24 turns · 24 in / 9,794 out tokens

91%

Security Test Plan for Healthcare Patient Portal API

Scoped API security test planning

Criteria

Without context

With context

Scope defined by module

100%

Scope excludes out-of-scope items

100%

OWASP Top 10 referenced

100%

SQL injection test cases

100%

XSS test cases

77%

100%

CSRF test cases

22%

Authentication test cases

100%

Authorization test cases

100%

Credential handling documented

100%

Findings documentation process

100%

Severity ratings included

100%

Without context: $0.2453 · 2m 12s · 8 turns · 9 in / 6,245 out tokens

With context: $0.6218 · 4m 20s · 23 turns · 104 in / 12,163 out tokens

100%

Security Audit: Internal Expense Tracking API

Source code security audit

Criteria

Without context

With context

SQL injection identified

100%

XSS vulnerability identified

100%

Auth weakness identified

100%

Authorization flaw identified

100%

CSRF risk noted

100%

OWASP Top 10 framework used

100%

Severity ratings on all findings

100%

Remediation steps present

100%

Scope statement included

100%

Debug mode risk flagged

100%

Without context: $0.3103 · 2m 31s · 11 turns · 12 in / 6,243 out tokens

With context: $0.4438 · 3m 8s · 19 turns · 19 in / 7,894 out tokens

75%

-3%

Vulnerability Tracking System Design for a Multi-Team Engineering Organization

Centralized vulnerability management setup

Criteria

Without context

With context

Centralized reporting tool named

50%

41%

Findings pushed to central tool

100%

Regular scan schedule defined

100%

Scope per service documented

90%

70%

Credential handling addressed

100%

OWASP Top 10 coverage required

75%

Injection/XSS/CSRF coverage required

12%

37%

Auth/authz coverage required

25%

Severity normalization addressed

100%

New vulnerability detection goal

100%

66%

Onboarding checklist complete

100%

Without context: $0.3286 · 3m 27s · 13 turns · 16 in / 7,385 out tokens

With context: $0.3678 · 3m 8s · 16 turns · 16 in / 7,572 out tokens

90%

Authentication Security Review: Mobile Banking API

JWT authentication security assessment

Criteria

Without context

With context

JWT tampering risk identified

100%

No token revocation flagged

100%

Long token expiry flagged

100%

IDOR / authorization flaw identified

100%

Weak password policy flagged

100%

Authentication assessment section

62%

Authorization assessment section

62%

Severity ratings on all findings

100%

Remediation steps present

100%

Scope defined

100%

Test credentials documented

37%

50%

Without context: $0.3630 · 3m 22s · 12 turns · 13 in / 7,812 out tokens

With context: $0.6034 · 4m 25s · 27 turns · 788 in / 8,680 out tokens

96%

Patient Data API Security Review

Cryptographic failures and sensitive data exposure assessment

Criteria

Without context

With context

Cryptographic failure identified

100%

Plaintext sensitive data identified

100%

Weak encryption flagged

100%

OWASP Top 10 framework used

100%

SQL injection covered

100%

XSS covered

100%

CSRF covered

100%

Authentication section present

100%

Authorization section present

71%

100%

Severity ratings on all findings

100%

Remediation steps for all findings

100%

Scope defined

100%

Test credentials documented

Without context: $0.5108 · 6m 27s · 17 turns · 18 in / 9,743 out tokens

With context: $0.4813 · 3m 3s · 20 turns · 53 in / 8,013 out tokens

95%

E-Commerce Platform Security Assessment

Vulnerable and outdated dependency security assessment

Criteria

Without context

With context

Vulnerable dependencies identified

100%

CVE or vulnerability details provided

100%

OWASP A06 referenced

100%

OWASP Top 10 framework used

100%

SQL injection covered

100%

XSS covered

100%

CSRF covered

100%

Authentication coverage

100%

Authorization coverage

100%

Severity ratings on all findings

100%

Remediation steps present

100%

Scope defined

100%

Test credentials documented

20%

Without context: $0.4683 · 3m 30s · 13 turns · 14 in / 10,555 out tokens

With context: $0.5665 · 3m 51s · 19 turns · 20 in / 10,819 out tokens

91%

Financial Services API Security Assessment

Security logging and monitoring gap assessment

Criteria

Without context

With context

Missing auth failure logging identified

80%

100%

Missing privilege event logging identified

70%

60%

No intrusion detection flagged

62%

75%

OWASP A09 referenced

100%

OWASP Top 10 framework used

100%

SQL injection covered

100%

XSS covered

100%

CSRF covered

100%

Authentication section present

100%

Authorization section present

100%

Severity ratings on all findings

100%

Remediation steps present

90%

100%

Scope defined

100%

Test credentials documented

Without context: $0.3894 · 3m 29s · 16 turns · 17 in / 7,239 out tokens

With context: $0.4408 · 3m 7s · 19 turns · 276 in / 7,210 out tokens

Evaluated: 4 days ago
Agent: Claude Code
Model: Unknown

Table of Contents

Security Assessment for E-Commerce API Automated Security Testing in a GitHub Actions Pipeline Security Test Plan for Healthcare Patient Portal API Security Audit: Internal Expense Tracking API Vulnerability Tracking System Design for a Multi-Team Engineering Organization Authentication Security Review: Mobile Banking API Patient Data API Security Review E-Commerce Platform Security Assessment Financial Services API Security Assessment

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.