GraphQL Schema Stitching & Federation Agent

SUSPICIOUS: the skill’s stated purpose is plausible, but its provenance is inconsistent and its main installation path is transitive skill installation through third-party registries/CLIs. No direct credential theft or exfiltration is shown, but trust and publisher alignment are weak enough to treat it as medium risk.