This is the skill you run first when targeting an API before you start poking at auth or business logic. It walks you through mining JavaScript bundles for endpoint patterns, checking standard doc paths like /swagger.json and /openapi.json, and hunting for version drift across /api/v1/, /mobile/, and legacy routes. The checklist focuses on extracting the stuff that matters: optional fields, deprecated endpoints that still work, and schema hints that expose hidden parameters. It's lean recon with clear routing at the end, sending you to BOLA testing if you find object IDs everywhere or JWT abuse if you spot role claims. Good first step that keeps you from missing surface area.
npx skills add https://github.com/yaklang/hack-skills --skill api-recon-and-docs