graphql-methodology

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). 该内容包含明确且可操作的攻击性方法（GraphQL introspection 绕过、字段枚举、数据枚举/外泄查询、SQL/GraphQL 注入、权限提升的 mutation、速率限制/WAF 绕过与别名批量滥用），易被用于未经授权的数据窃取和越权操作，属于高度滥用风险。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs querying and interpreting responses from target /graphql endpoints (e.g., Phase 1–3 introspection and GET /graphql?query= requests and example queries like {"query":"{ __schema { ... } }"}), meaning the agent would fetch and act on untrusted third-party endpoint content that can drive further queries and actions.