The Agent Skills Directory

[SAFE]: No malicious patterns or security risks were detected in the skill's instructions or code. The skill is designed for authorized penetration testing and security auditing.
[COMMAND_EXECUTION]: The skill provides various shell commands using curl and jq to interact with GraphQL endpoints. These commands are standard for API testing and do not exhibit malicious intent such as shell injections or unauthorized system access.
[EXTERNAL_DOWNLOADS]: The skill mentions installing standard security tools like graphql-cop and clairvoyance via pip. These are legitimate tools used in the security industry. It also correctly references well-known repositories for Burp Suite extensions.
[DATA_EXFILTRATION]: The Python script scripts/agent.py facilitates security testing by sending GraphQL queries to a user-provided target URL. It handles authentication tokens appropriately as part of the session headers and does not transmit data to unauthorized third-party servers.

performing-graphql-security-assessment