when-building-backend-api-orchestrate-api-development
Orchestrates a comprehensive REST API development workflow using TDD, ensuring quality and reliability through multi-agent coordination.
Install this skill
Security score
The when-building-backend-api-orchestrate-api-development skill was audited on Feb 28, 2026 and we found 50 security issues across 4 threat categories, including 13 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 81 | ```bash |
Template literal with variable interpolation in command context
| 97 | ```bash |
Template literal with variable interpolation in command context
| 103 | ```bash |
Template literal with variable interpolation in command context
| 119 | ```bash |
Template literal with variable interpolation in command context
| 125 | ```bash |
Template literal with variable interpolation in command context
| 140 | ```bash |
Template literal with variable interpolation in command context
| 147 | ```bash |
Template literal with variable interpolation in command context
| 163 | ```bash |
Template literal with variable interpolation in command context
| 222 | **Memory Pattern**: `api-development/${API_ID}/phase-2/backend-developer/project-setup` |
Template literal with variable interpolation in command context
| 232 | **Memory Pattern**: `api-development/${API_ID}/phase-2/database-architect/db-config` |
Template literal with variable interpolation in command context
| 243 | **Memory Pattern**: `api-development/${API_ID}/phase-2/devops-engineer/ci-config` |
Template literal with variable interpolation in command context
| 246 | ```bash |
Template literal with variable interpolation in command context
| 346 | ```bash |
Template literal with variable interpolation in command context
| 352 | ```bash |
Template literal with variable interpolation in command context
| 407 | ```bash |
Template literal with variable interpolation in command context
| 412 | ```bash |
Template literal with variable interpolation in command context
| 458 | ```bash |
Template literal with variable interpolation in command context
| 474 | ```bash |
Template literal with variable interpolation in command context
| 531 | **Memory Pattern**: `api-development/${API_ID}/phase-4/qa-engineer/e2e-results` |
Template literal with variable interpolation in command context
| 542 | **Memory Pattern**: `api-development/${API_ID}/phase-4/performance-analyst/benchmarks` |
Template literal with variable interpolation in command context
| 564 | **Memory Pattern**: `api-development/${API_ID}/phase-4/security-specialist/audit-report` |
Template literal with variable interpolation in command context
| 576 | **Memory Pattern**: `api-development/${API_ID}/phase-4/api-documentation-specialist/docs` |
Template literal with variable interpolation in command context
| 592 | **Memory Pattern**: `api-development/${API_ID}/phase-4/devops-engineer/runbook` |
Template literal with variable interpolation in command context
| 634 | ```bash |
Template literal with variable interpolation in command context
| 640 | ```bash |
Template literal with variable interpolation in command context
| 671 | ```bash |
Template literal with variable interpolation in command context
| 711 | ```bash |
Template literal with variable interpolation in command context
| 739 | ```bash |
Template literal with variable interpolation in command context
| 770 | ```bash |
Template literal with variable interpolation in command context
| 781 | ```bash |
Template literal with variable interpolation in command context
| 822 | ```bash |
Template literal with variable interpolation in command context
| 829 | ```bash |
Template literal with variable interpolation in command context
| 836 | ```bash |
Template literal with variable interpolation in command context
| 842 | ```bash |
Template literal with variable interpolation in command context
| 853 | ```bash |
Template literal with variable interpolation in command context
| 881 | ```bash |
Template literal with variable interpolation in command context
| 910 | ```bash |
Template literal with variable interpolation in command context
| 986 | ```bash |
Template literal with variable interpolation in command context
| 1024 | ```bash |
Template literal with variable interpolation in command context
| 1062 | - [ ] `api-development/${API_ID}/phase-1/*` - Planning artifacts |
Template literal with variable interpolation in command context
| 1063 | - [ ] `api-development/${API_ID}/phase-2/*` - Setup configurations |
Template literal with variable interpolation in command context
| 1064 | - [ ] `api-development/${API_ID}/phase-3/*` - TDD implementation + tests |
Template literal with variable interpolation in command context
| 1065 | - [ ] `api-development/${API_ID}/phase-4/*` - Test results + documentation |
Template literal with variable interpolation in command context
| 1066 | - [ ] `api-development/${API_ID}/phase-5/*` - Deployment logs + metrics |
Curl to non-GitHub URL
| 660 | curl https://api-staging.example.com/health |
Curl to non-GitHub URL
| 944 | ERROR_RATE=$(curl -s https://monitoring.example.com/api/error-rate | jq -r '.rate') |
Webhook reference - potential data exfiltration
| 471 | - Webhooks (if applicable) |
Access to .env file
| 388 | const token = jwt.sign({ userId: user.id }, process.env.JWT_SECRET, { expiresIn: '7d' }); |
External URL reference
| 660 | curl https://api-staging.example.com/health |
External URL reference
| 944 | ERROR_RATE=$(curl -s https://monitoring.example.com/api/error-rate | jq -r '.rate') |