performing-graphql-depth-limit-attack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/agent.py and the Automated Testing Script in SKILL.md) send POSTs to user-supplied GraphQL endpoints, parse response.json() (errors, data, messages, timings) and use those values to change control flow and severity findings, so untrusted responses from arbitrary public endpoints can materially influence the agent's next actions.