The Agent Skills Directory

[SAFE]: Analysis of the skill instructions and the automated testing script (agent.py) indicates that the functionality is entirely consistent with its stated purpose as a security auditing tool. There is no evidence of malicious intent, obfuscation, or persistence mechanisms.\n- [EXTERNAL_DOWNLOADS]: The skill references several external security tools and libraries (such as graphql-cop, clairvoyance, and InQL) from reputable public repositories and official package registries. These are standard resources within the cybersecurity community for API testing.\n- [COMMAND_EXECUTION]: The provided workflow includes various curl commands and a Python-based testing agent. These tools are used to interact with a user-specified target GraphQL endpoint for assessment purposes. All executions are within the scope of the intended security testing functionality.\n- [DATA_EXFILTRATION]: Network activity is restricted to the target URL provided by the user for the assessment. The Python agent correctly handles authorization tokens provided as input and uses them for authenticated testing without transmitting them to unauthorized third-party servers.

performing-graphql-security-assessment