This skill automates security vulnerability testing. It is triggered when the user requests security assessments, penetration tests, or vulnerability scans. The skill covers OWASP Top 10 vulnerabilities, SQL injection, XSS, CSRF, authentication issues, and authorization flaws. Use this skill when the user mentions "security test", "vulnerability scan", "OWASP", "SQL injection", "XSS", "CSRF", "authentication", or "authorization" in the context of application or API testing.
Score: 87
Does it follow best practices? 53%
Impact: 93%
1.06x average score across 9 eval scenarios
Passed: no known issues

Optimize this skill with Tessl:
npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/testing/security-test-scanner/skills/security-test-scanner/SKILL.md

Eval scenario: Security vulnerability report generation
  OWASP Top 10 coverage: 100% / 100%
  SQL injection section: 100% / 100%
  XSS section: 100% / 100%
  CSRF section: 100% / 100%
  Authentication assessment: 100% / 100%
  Authorization assessment: 100% / 100%
  Severity ratings present: 100% / 100%
  Remediation steps present: 100% / 100%
  Scope defined: 100% / 100%
  Auth credentials referenced: 0% / 100%
Eval scenario: CI/CD security integration and scheduling
  Triggered on code changes: 100% / 100%
  Scheduled recurring runs: 100% / 100%
  OWASP coverage mentioned: 100% / 100%
  Injection/XSS/CSRF coverage: 75% / 100%
  Auth/authz coverage: 100% / 100%
  Reporting tool integration: 100% / 100%
  Results pushed to reporting tool: 100% / 100%
  Fail on high severity: 100% / 100%
  Testing strategy documented: 100% / 100%
  Scope of testing defined: 80% / 100%
Eval scenario: Scoped API security test planning
  Scope defined by module: 100% / 100%
  Scope excludes out-of-scope items: 100% / 100%
  OWASP Top 10 referenced: 100% / 100%
  SQL injection test cases: 100% / 100%
  XSS test cases: 77% / 100%
  CSRF test cases: 22% / 0%
  Authentication test cases: 100% / 100%
  Authorization test cases: 100% / 100%
  Credential handling documented: 100% / 100%
  Findings documentation process: 100% / 100%
  Severity ratings included: 100% / 100%
Eval scenario: Source code security audit
  SQL injection identified: 100% / 100%
  XSS vulnerability identified: 100% / 100%
  Auth weakness identified: 100% / 100%
  Authorization flaw identified: 100% / 100%
  CSRF risk noted: 100% / 100%
  OWASP Top 10 framework used: 100% / 100%
  Severity ratings on all findings: 100% / 100%
  Remediation steps present: 100% / 100%
  Scope statement included: 100% / 100%
  Debug mode risk flagged: 100% / 100%
Eval scenario: Centralized vulnerability management setup
  Centralized reporting tool named: 50% / 41%
  Findings pushed to central tool: 100% / 100%
  Regular scan schedule defined: 100% / 100%
  Scope per service documented: 90% / 70%
  Credential handling addressed: 100% / 100%
  OWASP Top 10 coverage required: 75% / 75%
  Injection/XSS/CSRF coverage required: 12% / 37%
  Auth/authz coverage required: 25% / 25%
  Severity normalization addressed: 100% / 100%
  New vulnerability detection goal: 100% / 66%
  Onboarding checklist complete: 100% / 100%
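Two of the scenarios above, "CI/CD security integration and scheduling" (results pushed to a reporting tool, fail on high severity) and "Centralized vulnerability management setup" (severity normalization across services), describe the same pipeline step: collect findings from several scanners, map them onto one severity scale, hand them to the reporting tool, and break the build when anything at or above the agreed threshold is present. The script below is an added example of that step; it is not code from the security-test-scanner skill. The three input formats are assumptions for illustration (one loosely ZAP-style with a numeric risk code, one loosely Semgrep-style with ERROR/WARNING/INFO labels, one carrying a raw CVSS score), the sample findings are constructed, and the CVSS bands are the usual NVD qualitative cut-offs.

```python
"""Normalize scanner findings to one severity scale and gate a CI job on them.

Added example, not part of the security-test-scanner skill. The input formats,
tool names, sample findings and the failure threshold are assumptions.
"""
import json
import sys
from dataclasses import asdict, dataclass
from typing import List, Tuple

# NVD qualitative bands for CVSS v3 base scores, checked highest first.
CVSS_BANDS = ((9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low"))
# One ordinal scale that every tool's native severity is mapped onto.
LEVELS = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


@dataclass(frozen=True)
class Finding:
    tool: str
    rule: str
    severity: str  # normalized: critical / high / medium / low / info
    location: str


def severity_from_cvss(score: float) -> str:
    for threshold, label in CVSS_BANDS:
        if score >= threshold:
            return label
    return "info"


def normalize(raw: dict) -> Finding:
    """Map one raw finding, in any of the three assumed formats, to a Finding."""
    tool = raw["tool"]
    if tool == "dast":  # assumed ZAP-style alert: riskcode 0..3 = Info..High
        sev = {0: "info", 1: "low", 2: "medium", 3: "high"}[int(raw["riskcode"])]
        return Finding(tool, raw["alert"], sev, raw["url"])
    if tool == "sast":  # assumed Semgrep-style result: ERROR / WARNING / INFO
        sev = {"ERROR": "high", "WARNING": "medium", "INFO": "low"}[raw["extra"]["severity"]]
        return Finding(tool, raw["check_id"], sev, f"{raw['path']}:{raw['start']['line']}")
    if "cvss" in raw:  # assumed SCA-style advisory carrying a CVSS base score
        return Finding(tool, raw["id"], severity_from_cvss(float(raw["cvss"])), raw.get("location", "?"))
    raise ValueError(f"unrecognized finding format from tool {tool!r}")


def load_findings(raw_findings: List[dict]) -> List[Finding]:
    return [normalize(r) for r in raw_findings]


def gate(findings: List[Finding], fail_at: str = "high") -> Tuple[int, List[Finding]]:
    """Return (exit code, blocking findings). Exit 1 if anything is at/above fail_at."""
    floor = LEVELS[fail_at]
    blocking = [f for f in findings if LEVELS[f.severity] >= floor]
    return (1 if blocking else 0), blocking


def to_report(findings: List[Finding]) -> str:
    """JSON document for the reporting tool, worst findings first."""
    ordered = sorted(findings, key=lambda f: -LEVELS[f.severity])
    return json.dumps([asdict(f) for f in ordered], indent=2)


# Constructed sample output mixing the three assumed formats (not real scan data).
SAMPLE_RAW = [
    {"tool": "dast", "alert": "Cross Site Scripting (Reflected)", "riskcode": "3",
     "url": "https://app.example/search?q="},
    {"tool": "dast", "alert": "Absence of Anti-CSRF Tokens", "riskcode": "2",
     "url": "https://app.example/profile"},
    {"tool": "sast", "check_id": "python.lang.security.sqli.string-format-query",
     "extra": {"severity": "ERROR"}, "path": "app/views.py", "start": {"line": 42}},
    {"tool": "sca", "id": "example-advisory-1", "cvss": "5.3", "location": "requirements.txt"},
]


if __name__ == "__main__":
    findings = load_findings(SAMPLE_RAW)
    print(to_report(findings))  # in CI this payload would be pushed to the reporting tool
    code, blocking = gate(findings, fail_at="high")
    for f in blocking:
        print(f"BLOCKING [{f.severity}] {f.tool}: {f.rule} at {f.location}", file=sys.stderr)
    sys.exit(code)
```

The threshold is a parameter rather than a constant so that a scheduled run can report everything while the pull-request gate only fails on high and critical; both runs still emit the same normalized report, which is what lets a central tool deduplicate and trend findings across services.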
Eval scenario: JWT authentication security assessment
  JWT tampering risk identified: 100% / 100%
  No token revocation flagged: 100% / 100%
  Long token expiry flagged: 100% / 100%
  IDOR / authorization flaw identified: 100% / 100%
  Weak password policy flagged: 100% / 100%
  Authentication assessment section: 62% / 62%
  Authorization assessment section: 62% / 62%
  Severity ratings on all findings: 100% / 100%
  Remediation steps present: 100% / 100%
  Scope defined: 100% / 100%
  Test credentials documented: 37% / 50%
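The JWT scenario checks that an assessment flags three token-level problems: tampering (a token whose payload was altered, or whose header names an algorithm the verifier should not accept), no revocation, and overlong expiry. The checker below is an added example of those three tests and is not code from the security-test-scanner skill. It builds HS256 tokens itself so it runs offline; the secret, the sample tokens, the 15-minute access-token lifetime, and the use of a missing jti claim as the signal that a token cannot be revoked individually are all assumptions for illustration.

```python
"""Token-level checks for a JWT auth scheme: tampering, missing/overlong expiry, no revocation handle.

Added example, not the skill's code. Secret, tokens, the TTL policy and the
jti-based revocation heuristic are assumptions made for illustration.
"""
import base64
import hashlib
import hmac
import json
from typing import Dict, List

MAX_ACCESS_TTL = 15 * 60          # assumed policy: access tokens live at most 15 minutes
SECRET = b"example-secret-do-not-use"  # constructed signing key for the sample tokens
NOW = 1_700_000_000               # fixed "current time" so the sample is deterministic


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_token(header: dict, payload: dict, secret: bytes) -> str:
    """Produce header.payload.signature; signs with HS256 only when the header says HS256."""
    signing_input = _b64url(json.dumps(header, separators=(",", ":")).encode()) + "." + \
        _b64url(json.dumps(payload, separators=(",", ":")).encode())
    if header.get("alg") == "HS256":
        sig = _b64url(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())
    else:
        sig = ""  # e.g. alg "none": no signature at all
    return signing_input + "." + sig


def assess_token(token: str, secret: bytes, now: int) -> List[str]:
    """Return finding labels for one token; an empty list means nothing was flagged."""
    findings: List[str] = []
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        payload = json.loads(_b64url_decode(p64))
    except ValueError:  # covers bad base64, bad JSON and a wrong number of segments
        return ["malformed token"]

    # Tampering: pin the algorithm; never let the header choose it, and verify in constant time.
    if header.get("alg") != "HS256":
        findings.append(f"unexpected alg {header.get('alg')!r}")
    else:
        expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s64)):
            findings.append("signature mismatch (tampered payload or wrong key)")

    # Expiry: absent exp never expires; lifetime beyond policy is flagged even if still valid now.
    exp = payload.get("exp")
    if exp is None:
        findings.append("no exp claim (token never expires)")
    elif exp - payload.get("iat", now) > MAX_ACCESS_TTL:
        findings.append("token lifetime exceeds policy")

    # Revocation: without a per-token identifier a server-side deny list has nothing to key on.
    if "jti" not in payload:
        findings.append("no jti claim (cannot be revoked individually)")
    return findings


def build_samples() -> Dict[str, str]:
    """Constructed tokens covering the good case and each failure mode."""
    hs = {"alg": "HS256", "typ": "JWT"}
    good = encode_token(hs, {"sub": "u1", "iat": NOW, "exp": NOW + 600, "jti": "t-1"}, SECRET)
    # Tampered: reuse the valid signature over a payload that now claims the admin role.
    h64, _, s64 = good.split(".")
    forged_payload = {"sub": "u1", "role": "admin", "iat": NOW, "exp": NOW + 600, "jti": "t-1"}
    tampered = h64 + "." + _b64url(json.dumps(forged_payload, separators=(",", ":")).encode()) + "." + s64
    none_alg = encode_token({"alg": "none", "typ": "JWT"},
                            {"sub": "u1", "iat": NOW, "exp": NOW + 600, "jti": "t-2"}, SECRET)
    long_lived = encode_token(hs, {"sub": "u1", "iat": NOW, "exp": NOW + 30 * 24 * 3600}, SECRET)
    return {"good": good, "tampered": tampered, "none_alg": none_alg, "long_lived": long_lived}


def run_assessment() -> Dict[str, List[str]]:
    return {name: assess_token(tok, SECRET, NOW) for name, tok in build_samples().items()}


if __name__ == "__main__":
    for name, result in run_assessment().items():
        print(f"{name}: {result or 'no findings'}")
```

In a real assessment the token samples come from the application under test rather than from build_samples, and the revocation check is paired with a server-side test (use a token after logout or password change) since a jti is only useful if something consults a deny list.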
Eval scenario: Cryptographic failures and sensitive data exposure assessment
  Cryptographic failure identified: 100% / 100%
  Plaintext sensitive data identified: 100% / 100%
  Weak encryption flagged: 100% / 100%
  OWASP Top 10 framework used: 100% / 100%
  SQL injection covered: 100% / 100%
  XSS covered: 100% / 100%
  CSRF covered: 0% / 100%
  Authentication section present: 100% / 100%
  Authorization section present: 71% / 100%
  Severity ratings on all findings: 100% / 100%
  Remediation steps for all findings: 100% / 100%
  Scope defined: 100% / 100%
  Test credentials documented: 0% / 0%
Eval scenario: Vulnerable and outdated dependency security assessment
  Vulnerable dependencies identified: 100% / 100%
  CVE or vulnerability details provided: 100% / 100%
  OWASP A06 referenced: 100% / 100%
  OWASP Top 10 framework used: 100% / 100%
  SQL injection covered: 100% / 100%
  XSS covered: 100% / 100%
  CSRF covered: 0% / 100%
  Authentication coverage: 100% / 100%
  Authorization coverage: 100% / 100%
  Severity ratings on all findings: 100% / 100%
  Remediation steps present: 100% / 100%
  Scope defined: 100% / 100%
  Test credentials documented: 20% / 0%
Eval scenario: Security logging and monitoring gap assessment
  Missing auth failure logging identified: 80% / 100%
  Missing privilege event logging identified: 70% / 60%
  No intrusion detection flagged: 62% / 75%
  OWASP A09 referenced: 100% / 100%
  OWASP Top 10 framework used: 100% / 100%
  SQL injection covered: 100% / 100%
  XSS covered: 100% / 100%
  CSRF covered: 100% / 100%
  Authentication section present: 100% / 100%
  Authorization section present: 100% / 100%
  Severity ratings on all findings: 100% / 100%
  Remediation steps present: 90% / 100%
  Scope defined: 100% / 100%
  Test credentials documented: 0% / 0%