This is a security testing template for finding insecure direct object reference (IDOR) vulnerabilities, where users can access resources they shouldn't by manipulating IDs or filenames in requests. You'd use it when pentesting web apps that handle user-specific data, ideally with Burp Suite and at least two test accounts to verify unauthorized access across users. It covers both database object references and static files, walks through detection via parameter manipulation, and includes remediation strategies. Originally from the antigravity-awesome-skills collection, now part of davila7's template repo with 27.7k stars. Obviously only use this with written authorization for security testing, but it's a solid starting point for systematic IDOR assessments if you're doing legitimate security work.
npx skills add https://github.com/davila7/claude-code-templates --skill idor-vulnerability-testing