GraphQL Introspection Documenter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states the tool "connects to any GraphQL endpoint and runs the full introspection query" (using __schema) to ingest schema/type descriptions from arbitrary endpoints, which the agent reads and uses to generate documentation, so untrusted third-party content could influence its behavior.