This is a systematic framework for testing Insecure Direct Object Reference (IDOR) vulnerabilities, where you manipulate IDs or filenames to access resources you shouldn't have permission to see. You'll need at least two test accounts and Burp Suite to intercept and modify requests as you probe for cross-user access issues. It covers both database object references and static file references, walking through detection via parameter manipulation and enumeration. The skill passed the Gen Agent Trust Hub audit but failed Snyk, which is worth noting if you're running this in production environments. Realistically, this is most useful if you're doing security assessments or penetration testing and need a structured approach to IDOR hunting rather than ad-hoc poking around.
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill idor-vulnerability-testing