Use when the user provides an OpenAPI or Swagger spec and asks to find security issues, pentest the API, audit endpoints for OWASP API Top 10, or check for BOLA, BFLA, mass assignment, injection, or SSRF vulnerabilities in a running HTTP API
80
—
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Loading evals
6381b15
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.