performing-graphql-introspection-attack

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | DATA_EXFILTRATION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides Python implementations for executing network-level attacks against GraphQL endpoints.
      • Evidence: SKILL.md contains code for 'Query depth attack (DoS)', 'Field duplication attack (resource exhaustion)', and 'Circular fragment (DoS)' intended to impact service availability.
      • Evidence: scripts/agent.py provides a CLI interface to automate introspection and depth limit testing against user-provided URLs.
  • [DATA_EXFILTRATION]: The skill is designed to discover and extract sensitive schema information and potential PII fields from remote APIs.
      • Evidence: SKILL.md includes a Step 3 for 'Sensitive Data Identification in Schema' which targets fields like passwordHash, ssn, creditCard, and secretKey.
      • Evidence: scripts/agent.py automatically flags fields matching sensitive patterns and saves extracted schemas to local files.
  • [EXTERNAL_DOWNLOADS]: The skill documentation requires the installation of external Python libraries and references third-party security tools.
      • Evidence: SKILL.md and references/api-reference.md list dependencies on requests and gql via pip.
      • Evidence: The skill recommends the use of external tools such as Burp Suite, InQL, Clairvoyance, and GraphQL Voyager.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes JSON responses from remote, untrusted GraphQL endpoints which could influence the agent's reported findings.
      • Ingestion points: resp.json() calls in scripts/agent.py (lines 40, 68) and SKILL.md (Steps 1, 2, 4, 5, 6).
      • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the API responses.
      • Capability inventory: The skill has network POST capabilities (requests.post) and file-writing capabilities (json.dump to graphql_schema.json).
      • Sanitization: No sanitization is performed on the data returned from the API beyond standard JSON parsing.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 15, 2026, 10:49 PM