api-recon-and-docs
API reconnaissance and documentation review playbook. Use when discovering endpoints, schemas, versions, OpenAPI specs, hidden docs, and surface area for API testing.
How do I install this agent skill?
npx skills add https://github.com/yaklang/hack-skills --skill api-recon-and-docsIs this agent skill safe to install?
- Gen Agent Trust Hubpass
The skill provides a playbook for API reconnaissance and documentation review, focusing on endpoint discovery and schema extraction. It includes standard commands for identifying API paths within target JavaScript files and checklist for common documentation locations.
- Socketwarn
1 alert: gptSecurity
- Snykwarn
Risk: MEDIUM · 1 issue
- ZeroLeakspass
Score: 93/100 · 2 sections analyzed
What does this agent skill do?
SKILL: API Recon and Docs — Endpoints, Schemas, and Version Surface
AI LOAD INSTRUCTION: Use this skill first when the target is a REST, mobile, or GraphQL API and you need to enumerate endpoints, documentation, versions, and hidden surface area before exploitation.
1. PRIMARY GOALS
- Discover all reachable API entrypoints.
- Extract schemas, optional fields, and role differences.
- Identify old versions, mobile paths, GraphQL endpoints, and undocumented parameters.
2. RECON CHECKLIST
JavaScript and client mining
curl https://target/app.js | grep -oE '(/api|/rest|/graphql)[^"'\'' ]+' | sort -u
Common documentation and schema paths
/swagger.json
/openapi.json
/api-docs
/docs
/.well-known/
/graphql
/gql
Version and product drift
/api/v1/
/api/v2/
/api/mobile/v1/
/legacy/
3. WHAT TO EXTRACT FROM DOCS
- optional and undocumented fields
- admin-only request examples
- deprecated endpoints that may still be active
- schema hints like
additionalProperties: true - parameter names tied to filtering, sorting, IDs, roles, or tenancy
4. NEXT ROUTING
| Finding | Next Skill |
|---|---|
| object IDs everywhere | api authorization and bola |
| JWT, OAuth, role claims | api auth and jwt abuse |
| GraphQL or hidden fields | graphql and hidden parameters |
| strong auth boundary but suspicious business flow | business logic vulnerabilities |
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/yaklang/hack-skills/api-recon-and-docs">View api-recon-and-docs on skillZs</a>