AgentSkillsCN: Backend skill (SKILL.md)

Backend / API Domain Analysis

Analyze the server-side logic, API design, and error handling.

Checks

  • Input Validation: Are API requests validated against a schema (e.g., Zod, Joi)?
  • Error Handling: Do errors fail silently or leak internal details (like stack traces) to the client?
  • API Consistency: Are HTTP methods, status codes, and response formats consistent across the API?
  • Request Timeouts: Are there timeouts on long-running operations or outgoing requests?
  • Request Size Limits: Is there a limit on the size of payloads or files accepted by the API?
  • Authentication Architecture: Is session and JWT management (issuance, validation, expiry, revocation) secure?
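
As an added example, not part of the AgentSkillsCN skill or of any project it is used to review, the following Node.js code shows one way a handler for POST /api/data can satisfy the first five checks above (authentication architecture is out of scope here): a schema check (a hand-rolled validator standing in for Zod or Joi), a Content-Length limit enforced before the body is read, a timeout on the outgoing upstream call, and an error mapper that keeps stack traces in the server log and returns only a generic message with a consistent status code. Every name (validateBody, checkContentLength, withTimeout, toErrorResponse, handlePostData), the limits, and the request shape are assumptions; it uses only Node built-ins so it runs offline.

```javascript
// Added example (not the skill's own code): hypothetical helpers for a
// POST /api/data handler demonstrating the backend checks. Node.js, no
// third-party packages.

const MAX_BODY_BYTES = 64 * 1024;  // assumed request size limit (64 KiB)
const REQUEST_TIMEOUT_MS = 5000;   // assumed timeout for outgoing calls

// --- Input validation ---------------------------------------------------
// Hand-rolled schema standing in for a library schema such as
// z.object({ name: z.string().min(1).max(100), count: z.number().int().min(0) }).
const dataSchema = {
  name: (v) => typeof v === 'string' && v.length >= 1 && v.length <= 100,
  count: (v) => Number.isInteger(v) && v >= 0,
};

function validateBody(body, schema) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  for (const [field, check] of Object.entries(schema)) {
    if (!Object.prototype.hasOwnProperty.call(body, field)) errors.push(`${field}: required`);
    else if (!check(body[field])) errors.push(`${field}: invalid value`);
  }
  // Reject unknown fields so a caller cannot smuggle extra properties through.
  for (const field of Object.keys(body)) {
    if (!(field in schema)) errors.push(`${field}: unexpected field`);
  }
  return errors.length ? { ok: false, errors } : { ok: true, value: body };
}

// --- Request size limit -------------------------------------------------
// Decides from the declared Content-Length before any body bytes are read.
function checkContentLength(headers, maxBytes = MAX_BODY_BYTES) {
  const raw = headers['content-length'];
  if (raw === undefined) return { ok: false, status: 411, message: 'Content-Length required' };
  const len = Number(raw);
  if (!Number.isInteger(len) || len < 0) return { ok: false, status: 400, message: 'bad Content-Length' };
  if (len > maxBytes) return { ok: false, status: 413, message: 'payload too large' };
  return { ok: true };
}

// --- Timeouts -----------------------------------------------------------
class TimeoutError extends Error {}

function withTimeout(promise, ms = REQUEST_TIMEOUT_MS) {
  let timer;
  const deadline = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new TimeoutError(`timed out after ${ms} ms`)), ms);
  });
  return Promise.race([promise, deadline]).finally(() => clearTimeout(timer));
}

// --- Error handling -----------------------------------------------------
// Maps any thrown error to a client-safe response. Stack traces and messages
// of unexpected errors are written to the server log only.
function toErrorResponse(err, log = console.error) {
  if (err instanceof TimeoutError) {
    return { status: 504, body: { error: 'upstream timeout' } };
  }
  log(err && err.stack ? err.stack : String(err)); // internal detail stays server-side
  return { status: 500, body: { error: 'internal server error' } };
}

// --- Handler for POST /api/data -----------------------------------------
// `req` is a plain object { headers, body }; `fetchUpstream` is an injected
// async function so the example runs without a network.
async function handlePostData(req, fetchUpstream, log, timeoutMs = REQUEST_TIMEOUT_MS) {
  const size = checkContentLength(req.headers);
  if (!size.ok) return { status: size.status, body: { error: size.message } };

  const parsed = validateBody(req.body, dataSchema);
  if (!parsed.ok) {
    return { status: 400, body: { error: 'validation failed', details: parsed.errors } };
  }

  try {
    const result = await withTimeout(fetchUpstream(parsed.value), timeoutMs);
    return { status: 201, body: { id: result.id } };
  } catch (err) {
    return toErrorResponse(err, log);
  }
}
```

The same shape maps onto a real framework: the size check becomes body-parser's `limit` option, the schema becomes a Zod or Joi object, and `toErrorResponse` becomes the final error-handling middleware. The useful review question is whether each of these four layers exists and whether the 500 path can ever echo `err.message` or `err.stack` to the client.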

Finding Examples

  • API-001: Missing input validation on POST /api/data.
  • API-002: Internal stack traces leaked in 500 responses.
  • API-003: Inconsistent use of HTTP status codes.