GraphQL Introspection Documenter

SUSPICIOUS. The intended capability is benign and coherent, but the actual install path does not match the claimed `graphql/graphql-js` source and instead relies on a separate skill marketplace/CLI with transitive trust. No clear credential theft or malicious exfiltration is shown, but the provenance mismatch and skill-install chain make this higher-risk than a normal GraphQL documentation skill.