Performs authorized web application and API penetration testing with focus on OWASP-style risks and business logic flaws. Use when assessing websites, web APIs, authentication flows, session handling, and input validation.
91
86% Does it follow best practices?
Impact: 100%
1.51x Average score across 3 eval scenarios
Passed: No known issues
Output template and report structure

| Criterion | Score 1 | Score 2 |
|---|---|---|
| Coverage section present | 0% | 100% |
| Findings section present | 100% | 100% |
| Finding endpoint/feature field | 40% | 100% |
| Finding preconditions field | 0% | 100% |
| Finding evidence field | 37% | 100% |
| Finding impact field | 37% | 100% |
| Fix recommendation field | 100% | 100% |
| Regression test idea field | 0% | 100% |
| Attack Path Summary section | 0% | 100% |
| Code AND config controls | 100% | 100% |
| Exact endpoint context | 100% | 100% |
Attack surface mapping and access control testing

| Criterion | Score 1 | Score 2 |
|---|---|---|
| Endpoint enumeration | 100% | 100% |
| HTTP methods documented | 100% | 100% |
| Auth requirements noted | 100% | 100% |
| Horizontal access control tested | 100% | 100% |
| Vertical access control tested | 100% | 100% |
| IDOR or insecure object access | 100% | 100% |
| Findings prioritized | 100% | 100% |
| Coverage section present | 25% | 100% |
| Attack Path Summary present | 0% | 100% |
| Regression test idea per finding | 25% | 100% |
| Code AND config remediation | 37% | 100% |
| Non-destructive PoC | 100% | 100% |
Remediation guidance and PoC documentation

| Criterion | Score 1 | Score 2 |
|---|---|---|
| Business logic finding | 100% | 100% |
| Workflow abuse described | 80% | 100% |
| Input handling tested | 100% | 100% |
| PoC steps reproducible | 30% | 100% |
| PoC non-destructive | 100% | 100% |
| Bypass conditions documented | 100% | 100% |
| Regression test idea | 44% | 100% |
| Code-level fix | 100% | 100% |
| Operational/config control | 62% | 100% |
| Business consequence stated | 44% | 100% |
| Exact endpoint context | 100% | 100% |
a8ff73a