performing-graphql-introspection-attack

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Analysis categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a Python script (scripts/agent.py) and code snippets in SKILL.md designed to perform network operations and file writes (graphql_schema.json). These are used to discover GraphQL endpoints and analyze their schemas.
  • [DATA_EXFILTRATION]: The skill is designed to probe external GraphQL endpoints and identify sensitive fields like passwords and tokens within the schema. It uses network operations via the requests library to communicate with target endpoints. There is no evidence of exfiltrating local host credentials or sensitive files.
  • [PROMPT_INJECTION]: The skill processes untrusted JSON data returned from external GraphQL endpoints during introspection and brute-forcing. A malicious endpoint could return a schema containing embedded instructions to manipulate the agent's summary or behavior.
      • Ingestion points: Data is received via requests.post calls in scripts/agent.py and SKILL.md.
      • Boundary markers: The instructions do not define specific delimiters or warnings to ignore instructions embedded in the API responses.
      • Capability inventory: The skill has the ability to perform network requests and write to the local filesystem (graphql_schema.json).
      • Sanitization: There is no evidence of sanitization or filtering of the content received from the GraphQL endpoints before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 08:41 PM