This is a triage router that helps you decide which API security testing path to take before diving deep. It splits API work into four lanes: recon and documentation (Swagger, OpenAPI), authorization bugs (BOLA, BFLA), token abuse (JWT manipulation, trust in client-supplied headers), and GraphQL plus hidden parameters. The quick triage table is genuinely useful when you are looking at captured API traffic and need to decide where to start. It won't do the testing for you, but it keeps you from wandering into JWT attacks when the real issue is a missing object-level authorization check. Think of it as a decision tree that saves you from testing everything at once.
npx skills add https://github.com/yaklang/hack-skills --skill api-sec
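To make the four-lane triage concrete, here is an added example (not code from the skill or from the hack-skills repository) that scores a handful of captured requests against the signals a tester would look for in each lane and orders the lanes to try first. The traffic, the lane names, the regexes and the scoring rule are all assumptions chosen for illustration; the one deliberate design choice is the tie-break, which follows the rule of thumb above: when the evidence is even, check object-level authorization before spending time on token attacks.

```python
import re
from collections import defaultdict

# Constructed sample traffic (invented for this example, not real captures).
SAMPLE_TRAFFIC = [
    {"method": "GET", "path": "/api/v1/users/1042/orders",
     "headers": {"Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMDQyIn0.c2ln"},
     "body": ""},
    {"method": "PUT", "path": "/api/v1/orders/77",
     "headers": {"Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMDQyIn0.c2ln",
                 "X-User-Id": "1042"},
     "body": '{"status":"shipped"}'},
    {"method": "POST", "path": "/graphql",
     "headers": {"Content-Type": "application/json"},
     "body": '{"query":"{ me { id email } }"}'},
    {"method": "GET", "path": "/swagger/v1/swagger.json", "headers": {}, "body": ""},
]

# Lane names are assumed; their order is the tie-break used by triage().
LANES = ("recon_docs", "authorization", "token_abuse", "graphql_hidden_params")

# Heuristic signals per lane (assumptions, tune for the target).
DOC_PATHS = re.compile(r"(swagger|openapi|api-docs|redoc)", re.I)
OBJECT_ID = re.compile(
    r"/(\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?=/|$)", re.I)
PRIVILEGED = re.compile(r"/(admin|internal|manage|role|permission)", re.I)
JWT = re.compile(r"^Bearer\s+[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")
TRUSTED_HEADERS = {"x-user-id", "x-forwarded-for", "x-original-url", "x-rewrite-url", "x-role"}
HIDDEN_PARAM_HINTS = re.compile(r'"(is_?admin|role|debug|internal)"', re.I)


def classify_request(req):
    """Return {lane: [evidence strings]} for one captured request."""
    hits = defaultdict(list)
    path = req.get("path", "")
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    body = req.get("body", "") or ""

    if DOC_PATHS.search(path):
        hits["recon_docs"].append(f"spec-like path {path}")
    if OBJECT_ID.search(path):
        hits["authorization"].append(f"object id in path {path} (BOLA candidate)")
    if PRIVILEGED.search(path):
        hits["authorization"].append(f"privileged path {path} (BFLA candidate)")
    if JWT.match(headers.get("authorization", "")):
        hits["token_abuse"].append("JWT bearer token present")
    for name in sorted(TRUSTED_HEADERS.intersection(headers)):
        hits["token_abuse"].append(f"client-supplied identity/routing header {name}")
    if path.rstrip("/").endswith("/graphql") or '"query"' in body:
        hits["graphql_hidden_params"].append("GraphQL operation")
    if HIDDEN_PARAM_HINTS.search(body):
        hits["graphql_hidden_params"].append("privilege-like field in body")
    return dict(hits)


def triage(traffic):
    """Aggregate distinct evidence across requests and order the lanes to try first.

    Lanes with more distinct signals come first; on a tie the LANES order wins,
    so authorization is checked before token abuse.
    """
    evidence = {lane: [] for lane in LANES}
    for req in traffic:
        for lane, items in classify_request(req).items():
            for item in items:
                if item not in evidence[lane]:  # the same signal twice is not more evidence
                    evidence[lane].append(item)
    rank = {lane: i for i, lane in enumerate(LANES)}
    ordered = sorted(LANES, key=lambda lane: (-len(evidence[lane]), rank[lane]))
    return [(lane, evidence[lane]) for lane in ordered if evidence[lane]]


if __name__ == "__main__":
    for lane, items in triage(SAMPLE_TRAFFIC):
        print(lane)
        for item in items:
            print("  -", item)
```

On the constructed traffic, the two object-id paths and the two token signals tie at two pieces of evidence each, and the tie-break puts the authorization lane first; the spec path and the GraphQL endpoint follow. The scoring is deliberately simple: it only decides where to start looking, not what is vulnerable.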