performing-graphql-introspection-attack

Fail

Audited by Snyk on Jun 21, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt directly embeds Authorization bearer tokens (placeholders like "Bearer ", "<regular_user_token>", "<admin_token>") into HTTP requests and prints/saves full introspection results (which may contain DB connection strings, API keys, MFA secrets), forcing the agent to handle and potentially output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill contains explicit, actionable offensive techniques (full schema introspection and storage, error-based schema reconstruction, alias-based credential brute-forcing and token harvesting, and multiple DoS/resource-exhaustion attacks) that enable data exfiltration, credential theft, and availability attacks and is therefore highly likely to be abused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow sends GraphQL introspection and error-based discovery requests to a target endpoint and then ingests the returned response bodies (e.g., resp.text / resp.json() containing __schema and “did you mean” suggestions) into the agent’s LLM context, which is outsider-authored free text from the remote GraphQL server.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 21, 2026, 04:08 PM
Issues
3
Security Audit — snyk — performing-graphql-introspection-attack