api-authorization-and-bola


SKILL: API Authorization and BOLA — Object Access, Function Access, and Mass Assignment

AI LOAD INSTRUCTION: Use this skill when an API exposes object IDs, nested resources, or role-sensitive functions and you need a focused authorization test path: BOLA, BFLA, method abuse, and hidden field control.

1. CORE TEST LOOP

  1. Create Account A and Account B.
  2. As Account A, capture create, read, update, and delete flows.
  3. Replay with Account B's token.
  4. Test sibling endpoints, nested endpoints, and alternate HTTP verbs.
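The loop above as an authorization regression test, written here as an added example and not taken from the skill itself. The in-memory notes API, the tokens, and every function name are constructed stand-ins for your own service and two test accounts you control; the `PUT` handler deliberately omits its ownership check so the replay has something to catch.

```python
# Constructed in-memory API standing in for the service under test.
# All names here (TOKENS, NOTES, handle, replay_as_other) are hypothetical.
TOKENS = {"token-a": "account_a", "token-b": "account_b"}
NOTES = {}  # note_id -> {"owner": ..., "body": ...}


def handle(method, path, token, body=None):
    """Return (status, payload) for one request against the toy API."""
    user = TOKENS.get(token)
    if user is None:
        return 401, None
    if method == "POST" and path == "/notes":
        note_id = str(len(NOTES) + 1)
        NOTES[note_id] = {"owner": user, "body": body}
        return 201, {"id": note_id}
    note_id = path.rsplit("/", 1)[-1]
    note = NOTES.get(note_id)
    if note is None:
        return 404, None
    if method in ("GET", "DELETE") and note["owner"] != user:
        return 403, None  # object-level check present on these verbs
    if method == "GET":
        return 200, note["body"]
    if method == "PUT":  # defect kept on purpose: no ownership check
        note["body"] = body
        return 200, None
    if method == "DELETE":
        del NOTES[note_id]
        return 204, None
    return 405, None


def replay_as_other(captured, other_token):
    """Replay Account A's object requests with B's token; list 2xx results."""
    findings = []
    for method, path, body in captured:
        status, _ = handle(method, path, other_token, body)
        if 200 <= status < 300:
            findings.append((method, path, status))
    return findings


def run_core_loop():
    # Capture A's create/read/update/delete flow, then replay it as B.
    _, created = handle("POST", "/notes", "token-a", "a-private")
    path = "/notes/" + created["id"]
    captured = [("GET", path, None), ("PUT", path, "overwritten"),
                ("DELETE", path, None)]
    return replay_as_other(captured, "token-b")
```

Any entry in the returned list is a request where Account B received a success status on Account A's object; an empty list is the passing result to enforce in CI.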

2. TEST SURFACES

First Seen: Apr 8, 2026
api-authorization-and-bola — yaklang/hack-skills