CORS Audit Then you add and it works. Except now your API accepts requests from every site on the internet, with every user's credentials, if you forgot to check the credentials flag. This skill probes your CORS configuration with crafted Origin headers, finds the misconfigurations that let attackers run authenticated cross-origin requests against your users, and generates the correct allow-list config for your stack. Works against any live URL via curl. Scans Express/FastAPI/Go/Rails/Django source. Zero external API. --- Trigger Phrases - "CORS error", "CORS blocked", "CORS not working" - "C…