Api Security

The exploiting-jwt-algorithm-confusion-attack skill helps Security Audit workflows test JWT algorithm confusion, including RS256-to-HS256 downgrades, alg:none bypasses, and kid/jku/x5u header tricks. It is backed by a practical guide, reference examples, and a script for repeatable validation.

exploiting-idor-vulnerabilities helps authorized security audits test Insecure Direct Object Reference flaws across APIs, web apps, and multi-tenant systems with cross-session checks, object mapping, and read/write verification.

exploiting-excessive-data-exposure-in-api helps security audit teams inspect API responses for over-shared fields, including PII, secrets, internal IDs, and debug data. It provides a focused workflow, reference patterns, and analyzer logic for comparing returned data against expected schema and roles.

exploiting-api-injection-vulnerabilities skill for Security Audit teams testing APIs for SQL injection, NoSQL injection, command injection, LDAP injection, and SSRF across parameters, headers, and request bodies. This guide helps you spot risky inputs, compare baseline responses, and validate whether backend interactions are injectable.