api-security-testing
API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.
Best for Security teamsWorks with GitHubLow risk
⌘source
- author
@sickn33- language
- Python
★34kstars
5.6kforks
Apr 18, 2026
✦overview.md
Key Features
- ·Tests REST and GraphQL API security
- ·Covers authentication and authorization
- ·Validates API rate limiting
- ·Checks input validation
- ·Follows API-specific vulnerability testing phases
Use Cases
- →Testing REST API security
- →Assessing GraphQL endpoints
- →Validating API authentication
- →Testing API rate limiting
- →Bug bounty API testing
Best for
- ✓Security teams
- ✓Bug bounty hunters
- ✓API developers
Not ideal for
- !Use this skill only when the task clearly matches the scope described above.
- !Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
- !Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.
name
api-security-testing
description
API security testing workflow for REST and GraphQL APIs covering authentication, authorization, rate limiting, input validation, and security best practices.
category:granular-workflow-bundle
risk:safe
source:personal
date_added:2026-02-27
API Security Testing Workflow
Overview
Specialized workflow for testing REST and GraphQL API security including authentication, authorization, rate limiting, input validation, and API-specific vulnerabilities.
When to Use This Workflow
Use this workflow when:
- Testing REST API security
- Assessing GraphQL endpoints
- Validating API authentication
- Testing API rate limiting
- Bug bounty API testing
Workflow Phases
Phase 1: API Discovery
Skills to Invoke
api-fuzzing-bug-bounty- API fuzzingscanning-tools- API scanning
Actions
- Enumerate endpoints
- Document API methods
- Identify parameters
- Map data flows
- Review documentation
Copy-Paste Prompts
Use @api-fuzzing-bug-bounty to discover API endpoints
Phase 2: Authentication Testing
Skills to Invoke
broken-authentication- Auth testingapi-security-best-practices- API auth
Actions
- Test API key validation
- Test JWT tokens
- Test OAuth2 flows
- Test token expiration
- Test refresh tokens
Copy-Paste Prompts
Use @broken-authentication to test API authentication
Phase 3: Authorization Testing
Skills to Invoke
$install
1-click copynpx skills add sickn33/antigravity-awesome-skills --skill api-security-testingSafety assessment
★
Clarity score
How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
3/ 5
goodMostly clear, but there are still a few confusing or poorly structured parts.
◎
Actionability score
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
3/ 5
mediumPartially actionable with several concrete steps, but still missing important details.