performing-graphql-introspection-attack
Audited by Socket on Apr 11, 2026
2 alerts found:
Security x2
SUSPICIOUS/HIGH-RISK offensive security skill, not confirmed malware. Its capabilities are internally consistent with its stated pentesting purpose, but that purpose is to perform exploitation-oriented GraphQL attacks, including brute force and DoS testing. Install trust is mixed but not overtly deceptive; the bigger issue is that the skill equips an AI agent to carry out high-impact security testing actions against live targets with supplied tokens.
This fragment is a purpose-built, attack-oriented GraphQL reconnaissance and probing CLI. It actively performs __schema introspection, tests for query depth enforcement by sending increasingly nested queries, and checks whether batched/aliased GraphQL requests are supported. No classic malware behaviors (persistence, host compromise, third-party exfiltration, or obfuscation) are evident in the provided code, but the capabilities are highly actionable for exploitation planning and can stress targets during probing. Treat as suspicious/misuse-capable code; review for legitimate, strictly-authorized use and ensure it is not shipped or executed unintentionally via supply-chain inclusion.