The Agent Skills Directory

[SAFE]: The skill is a legitimate penetration testing utility focused on mobile API security. All identified functionalities, including network requests and command execution, are directly related to the stated purpose of auditing authentication and authorization mechanisms. No malicious patterns, hidden payloads, or unauthorized data exfiltration behaviors were detected.\n- [COMMAND_EXECUTION]: The documentation in SKILL.md contains several command-line examples (e.g., curl, hashcat) intended for manual testing. These commands are standard for security auditing and are provided as instructional material for the user to execute against their own authorized targets.\n- [DATA_EXFILTRATION]: The included Python scripts (scripts/agent.py and scripts/process.py) use the requests library to send probes and test tokens to a target API URL specified by the user. This network activity is required for testing API security and is conducted within the scope of the assessment.\n- [EXTERNAL_DOWNLOADS]: The skill references the requests library and provides instructions for its installation via pip. This is a common and safe dependency for network-based tools.

testing-mobile-api-authentication