Skills

api-security

Installation
SKILL.md

API Security

Test API endpoints for security vulnerabilities across REST, GraphQL, WebSocket, and LLM-integrated APIs.

Techniques

Type Key Vectors
GraphQL Introspection, batching attacks, nested query DoS, field suggestion
REST API BOLA/IDOR, mass assignment, rate limiting, auth bypass, versioning
WebSocket Cross-site hijacking, message manipulation, auth flaws
Web-LLM Prompt injection via API, excessive agency, data exfiltration

Workflow

  1. Discover API endpoints and documentation (Swagger, GraphQL schema)
  2. Map authentication and authorization mechanisms
  3. Test per API type using appropriate techniques
  4. Validate data exposure and access control flaws
  5. Capture evidence with HTTP request/response logs

Reference

  • reference/graphql*.md - GraphQL attack techniques and labs
  • reference/api-testing*.md - REST API security testing guide
  • reference/websockets*.md - WebSocket vulnerability testing
  • reference/web-llm*.md - Web-LLM attack techniques and labs
Related skills

More from transilienceai/communitytools

Installs
32
Repository
transilienceai/…itytools
GitHub Stars
250
First Seen
Mar 21, 2026
Security Audits
Gen Agent Trust HubFail
SocketFail
SnykFail