graphql-and-hidden-parameters

SUSPICIOUS: the skill is internally consistent, but its purpose is to equip an AI agent with offensive API testing techniques including GraphQL abuse, hidden-parameter discovery, IDOR, and authz probing. There is no evidence of malware, credential theft, or shady installation, but the capability itself is high risk for misuse.