performing-graphql-introspection-attack

The described tool is a dual-use security-testing utility that enumerates GraphQL schemas and probes for missing depth limits. The provided fragment contains no explicit signs of obfuscation, hardcoded credentials, or exfiltration, but its functionality is explicitly offensive-capable and can be misused to discover sensitive fields or to conduct resource-exhaustion attacks. Before use or inclusion in a supply chain, review the actual implementation for logging/exfiltration, credential handling, built-in safeguards (consent, rate limits, redaction), and ensure usage is limited to authorized testing contexts.

SUSPICIOUS: the skill is internally consistent, but its purpose is to equip an AI agent with offensive GraphQL attack techniques, including enumeration, brute force, authorization bypass testing, and DoS-style query abuse. There is no clear credential-harvesting or hidden exfiltration behavior, so this is not confirmed malware, but it is a high-risk offensive-security skill unsuitable for general agent use.