performing-graphql-introspection-attack

Warn

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains Python scripts that utilize the requests library to perform automated network probing, schema discovery, and active exploitation of GraphQL endpoints.
  • [COMMAND_EXECUTION]: Includes functional code for multiple Denial-of-Service (DoS) attacks, including deeply nested queries (depth attack), field duplication (resource exhaustion), and circular fragment definitions.
  • [DATA_EXFILTRATION]: Automates the extraction of sensitive API metadata and schema structures, saving the harvested data to a local file (graphql_schema.json) for further analysis.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It ingests untrusted data from remote GraphQL responses and error messages (e.g., field suggestions) and processes it within the agent's context without sanitization. Ingestion points: resp.text and resp.json() in Step 4. Capability inventory: File writing, network requests. Sanitization: None detected.
  • [COMMAND_EXECUTION]: Provides logic for bypassing rate limits using GraphQL alias-based batching to perform high-volume authentication brute-force attempts in a single HTTP request.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 21, 2026, 04:08 PM
Security Audit — agent-trust-hub — performing-graphql-introspection-attack