testing-api-security-with-owasp-top-10

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a legitimate security testing toolset. All included code and instructions align with its stated purpose of performing authorized API penetration testing.
  • [COMMAND_EXECUTION]: The workflow documentation (SKILL.md) describes the use of standard command-line tools for security testing, including curl, ffuf, and jq. These operations are expected in a cybersecurity context.
  • [EXTERNAL_DOWNLOADS]: The skill references standard, well-known software and libraries, specifically the Python requests library and the jq utility, which are necessary for its operation. These are obtained from official repositories.
  • [DATA_EXFILTRATION]: Network requests performed by the testing script are directed at a user-defined target API. There is no evidence of unauthorized data collection or exfiltration to third-party servers.
  • [CREDENTIALS_UNSAFE]: No hardcoded sensitive credentials or secrets were found. The JWT tokens and Bearer tokens in the documentation and scripts are non-functional, illustrative placeholders.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 09:15 PM