This is a structured workflow for testing web apps against OWASP Top 10 vulnerabilities, broken into seven phases from reconnaissance through reporting. It chains together specialist skills like sql-injection-testing, xss-html-injection, and idor-testing with copy-paste prompts at each stage. Honestly most useful as a checklist to make sure you're not skipping categories during a pentest or bug bounty session. The phase structure keeps you methodical, which matters when you're context-switching between injection types and access control issues. Assumes you already have the component skills installed and know enough about web security to interpret what Claude finds.
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill web-security-testing