exploiting-api-injection-vulnerabilities

Fail

Audited by Socket on Mar 15, 2026

2 alerts found:

Security, Obfuscated File

Security: MEDIUM
SKILL.md

SUSPICIOUS. The skill is internally consistent as an offensive API exploitation guide, but its actual footprint is high risk because it enables an AI agent to run exploit payloads, access internal services, and extract sensitive data. Tool provenance is only partially documented, and the main concern is not hidden malware but explicit offensive security capability with real-world impact.

Confidence: 95%
Severity: 93%

Obfuscated File: HIGH
references/api-reference.md

This file is an offensive-focused injection testing playbook: it enumerates SQL/NoSQL/command payloads, shows how to deliver them (Python requests, Burp API), and how to interpret responses. The fragment is dual-use—acceptable for authorized security testing—but contains insecure practices (TLS disabled) and provides actionable exploit strings that facilitate abuse if used without consent. The text itself is not active malware, but its inclusion in a package that automates execution without safeguards would constitute a significant supply-chain risk. Recommend: treat as high-abuse documentation; ensure any accompanying tooling requires explicit authorization, logging, rate-limiting, and secure defaults (enable TLS validation), and include defensive examples and legal/ethical usage warnings.

Confidence: 98%

Audit Metadata
Analyzed At: Mar 15, 2026, 01:30 PM
Package URL: pkg:socket/skills-sh/mukul975%2FAnthropic-Cybersecurity-Skills%2Fexploiting-api-injection-vulnerabilities%2F@25ae41883e8d8dd5f7d8302608afbfb7f41a555f