api-integration-specialist
Provides expert guidance for integrating third-party APIs with robust authentication, error handling, and rate limiting strategies.
Install this skill
Security score
The api-integration-specialist skill was audited on Feb 28, 2026 and we found 32 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 58 | 'Authorization': `Bearer ${apiKey}`, |
Template literal with variable interpolation in command context
| 62 | const response = await fetch(`${baseURL}${endpoint}`, { |
Template literal with variable interpolation in command context
| 79 | const raw = await this.request(`/users/${userId}`); |
Template literal with variable interpolation in command context
| 85 | name: `${raw.first_name} ${raw.last_name}`, |
Template literal with variable interpolation in command context
| 98 | super(`API Error: ${status}`); |
Template literal with variable interpolation in command context
| 218 | 'Authorization': `Bearer ${this.apiKey}`, |
Template literal with variable interpolation in command context
| 229 | fetch(`${this.baseURL}${endpoint}`, options) |
Template literal with variable interpolation in command context
| 237 | return this.request('GET', `/resources/${id}`); |
Template literal with variable interpolation in command context
| 245 | return this.request('PUT', `/resources/${id}`, data); |
Template literal with variable interpolation in command context
| 249 | return this.request('DELETE', `/resources/${id}`); |
Template literal with variable interpolation in command context
| 266 | const response = await apiClient.request('GET', `${endpoint}?${params}`); |
Webhook reference - potential data exfiltration
| 3 | description: Expert in integrating third-party APIs with proper authentication, error handling, rate limiting, and retry logic. Use when integrating REST APIs, GraphQL endpoints, webhooks, or external |
Webhook reference - potential data exfiltration
| 16 | - Setting up webhooks and event-driven integrations |
Webhook reference - potential data exfiltration
| 172 | ### 5. Webhook Handling |
Webhook reference - potential data exfiltration
| 174 | **Webhook Verification:** |
Webhook reference - potential data exfiltration
| 176 | function verifyWebhookSignature(payload, signature, secret) { |
Webhook reference - potential data exfiltration
| 188 | app.post('/webhooks/stripe', express.raw({ type: 'application/json' }), (req, res) => { |
Webhook reference - potential data exfiltration
| 191 | if (!verifyWebhookSignature(req.body, signature, process.env.STRIPE_WEBHOOK_SECRET)) { |
Webhook reference - potential data exfiltration
| 196 | handleWebhookEvent(event); |
Webhook reference - potential data exfiltration
| 285 | - Verify webhook signatures |
Access to .env file
| 29 | apiKey: process.env.SERVICE_API_KEY, |
Access to .env file
| 30 | baseURL: process.env.SERVICE_BASE_URL |
Access to .env file
| 38 | clientId: process.env.CLIENT_ID, |
Access to .env file
| 39 | clientSecret: process.env.CLIENT_SECRET, |
Access to .env file
| 40 | redirectUri: process.env.REDIRECT_URI, |
Access to .env file
| 191 | if (!verifyWebhookSignature(req.body, signature, process.env.STRIPE_WEBHOOK_SECRET)) { |
Access to .env file
| 314 | const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY); |
Access to .env file
| 328 | sgMail.setApiKey(process.env.SENDGRID_API_KEY); |
Access to .env file
| 333 | from: process.env.FROM_EMAIL, |
Access to .env file
| 343 | process.env.TWILIO_ACCOUNT_SID, |
Access to .env file
| 344 | process.env.TWILIO_AUTH_TOKEN |
Access to .env file
| 350 | from: process.env.TWILIO_PHONE_NUMBER, |