api


API Security (API)

Analyze REST and RPC APIs for security vulnerabilities aligned with the OWASP API Security Top 10, including Broken Object-Level Authorization (BOLA), mass assignment, missing rate limiting, broken function-level authorization, and excessive data exposure. API-specific vulnerabilities arise from the unique patterns of programmatic access, where client-side UI constraints do not apply.

Supported Flags

Read ../../shared/schemas/flags.md for the full flag specification. This skill supports all cross-cutting flags. Key flags for this skill:

  • --scope determines which files to analyze (default: changed)
  • --depth standard reads code and checks API endpoint handlers
  • --depth deep traces data from request to database to response serialization
  • --severity filters output (API issues are often high or critical)

Framework Context

First Seen: Feb 28, 2026