performing-graphql-introspection-attack
Fail
Audited by Snyk on Jun 21, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt directly embeds Authorization bearer tokens (placeholders like "Bearer ", "<regular_user_token>", "<admin_token>") into HTTP requests and prints/saves full introspection results (which may contain DB connection strings, API keys, MFA secrets), forcing the agent to handle and potentially output secret values verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill contains explicit, actionable offensive techniques (full schema introspection and storage, error-based schema reconstruction, alias-based credential brute-forcing and token harvesting, and multiple DoS/resource-exhaustion attacks) that enable data exfiltration, credential theft, and availability attacks and is therefore highly likely to be abused.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow sends GraphQL introspection and error-based discovery requests to a target endpoint and then ingests the returned response bodies (e.g.,
resp.text/resp.json()containing__schemaand “did you mean” suggestions) into the agent’s LLM context, which is outsider-authored free text from the remote GraphQL server.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata