
broken-authentication

This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate ...

Install with Tessl CLI

npx tessl i github:sickn33/antigravity-awesome-skills --skill broken-authentication

90

Does it follow best practices?

Agent success when using this skill

Validation for skill structure


Evaluation results

87%

-2%

Session Management Security Review

Session token security analysis

| Criteria | Without context | With context |
|---|---|---|
| Token length check | 100% | 100% |
| Entropy calculation | 100% | 100% |
| Sequential pattern detection | 100% | 100% |
| Timestamp component detection | 37% | 0% |
| HttpOnly flag check | 100% | 100% |
| Secure flag check | 100% | 100% |
| SameSite flag check | 100% | 100% |
| Session fixation assessment | 100% | 100% |
| Idle timeout assessment | 100% | 100% |
| Absolute timeout assessment | 100% | 100% |
| Logout invalidation | 0% | 16% |

Without context: $0.4946 · 2m 14s · 16 turns · 17 in / 8,367 out tokens

With context: $1.0187 · 4m 34s · 27 turns · 73 in / 17,448 out tokens

78%

15%

Authentication Security Assessment Toolkit

Authentication brute-force and enumeration testing

| Criteria | Without context | With context |
|---|---|---|
| Authentication endpoint mapping | 100% | 100% |
| Password length test cases | 75% | 100% |
| Password complexity test cases | 100% | 100% |
| Common password test cases | 100% | 100% |
| Username-as-password test | 100% | 100% |
| Enumeration differential test | 100% | 100% |
| Hydra command syntax | 0% | 0% |
| Account lockout checks | 70% | 40% |
| Rate limiting bypass headers | 0% | 100% |
| IP vs account rate limiting | 50% | 100% |
| CAPTCHA bypass check | 50% | 50% |

Without context: $0.7253 · 4m 21s · 15 turns · 64 in / 16,376 out tokens

With context: $1.1134 · 4m 43s · 29 turns · 61 in / 17,761 out tokens

64%

MFA and Password Reset Security Assessment

MFA bypass and password reset token testing

| Criteria | Without context | With context |
|---|---|---|
| 4-digit OTP combination count | 100% | 100% |
| Direct URL bypass | 0% | 0% |
| Response modification bypass | 0% | 0% |
| Empty OTP bypass | 0% | 0% |
| OTP reuse bypass | 0% | 0% |
| API version downgrade | 100% | 100% |
| MFA enrollment bypass | 100% | 100% |
| Reset token expiration | 100% | 100% |
| Reset token single-use | 100% | 100% |
| User parameter manipulation | 100% | 100% |
| Host header injection | 100% | 100% |

Without context: $0.3982 · 2m 20s · 15 turns · 15 in / 6,836 out tokens

With context: $0.6322 · 2m 58s · 21 turns · 314 in / 9,499 out tokens

Evaluated agent: Claude Code
