BackendVerifiziert

High risk

api-fuzzing-bug-bounty

Critical signals were detected and installation should be handled carefully.

17/100

2high1medium

Empfehlungen

⛔ Score 17/100 — Dieser Skill weist schwerwiegende Risiken auf. Manuelles Audit erforderlich.

Erkannte Risiken3

Sensitive Fileshigh

sensitive_files

Sensitive system file access

Line 141

Snippets

L141<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>

L298<iframe src="file:///etc/passwd" height=1000 width=800>

Hardcoded Secrethigh

hardcoded_secret

Potentially hardcoded secret

Line 212

Snippets

L212 password: "password"

L223mutation {login(input:{email:"a@example.com" password:"password"}){success jwt}}

L224mutation {login(input:{email:"b@example.com" password:"password"}){success jwt}}

L225mutation {login(input:{email:"c@example.com" password:"password"}){success jwt}}

Network Callmedium

network_call

Outbound network call

Line 395

Snippets

L395- Add `X-Requested-With: XMLHttpRequest` header to simulate frontend

L420curl -X POST https://target.com/graphql \

L431| API returns nothing | Add `X-Requested-With: XMLHttpRequest` header |

L420curl -X POST https://target.com/graphql \

Voir les risques detectes

Connectez-vous pour consulter l'analyse detaillee des risques.

$npx agentfend install cmn92pimu00fju1ipxl2baro1

Trust Score

34trust

⭐ 27.821🍴 4667

Updated vor 6 Tagen

Analysiert

31.03.2026, 15:56

+ 2 previous scans

Kompatibel mit

AGAntigravity

Skill details

Trust score

34/100

GitHub

Connected

Stars

27.821

Forks

4667

Updated vor 6 Tagen

Analysiert 31.03.2026, 15:56

Beschreibung

"Provide comprehensive techniques for testing REST, SOAP, and GraphQL APIs during bug bounty hunting and penetration testing engagements. Covers vulnerability discovery, authentication bypass, IDOR exploitation, and API-specific attack vectors."

Quelle ansehen

Letzte Scans

31.03.2026, 15:56

Latest analysis

31.03.2026, 15:11

Run 2

27.03.2026, 15:45

Run 1