performing-graphql-depth-limit-attack

This skill is internally consistent with its stated purpose, but that purpose is to perform offensive GraphQL denial-of-service testing. It does not show credential theft or hidden exfiltration, so it is not confirmed malware; however, as an AI-agent skill it materially increases the agent's ability to execute disruptive security attacks and should be treated as high risk.