SKILL.md
- field suggestions and error-based discovery
- known type probes like `__type(name: "User")`
- JS and mobile bundle route extraction
2. HIGH-VALUE GRAPHQL TESTS

| Theme | Example |
| --- | --- |
| IDOR | `user(id: "victim")` |
| batching | array of login or object fetch operations |
| hidden fields | admin-only fields exposed in type definitions |
| nested authz gaps | related object fields with weaker checks |
3. HIDDEN PARAMETER DISCOVERY
Look for:
- fields present in admin docs but not public docs
- `additionalProperties` or permissive schemas
- frontend code using richer request bodies than visible UI controls
- mobile endpoints carrying role, org, feature-flag, or internal filter fields
4. NEXT ROUTING
- If hidden fields affect privilege: api authorization and bola
- If GraphQL batching changes auth or rate behavior: api auth and jwt abuse
- If endpoint discovery is incomplete: api recon and docs