graphql▌

GraphQL schema design, federation architecture, and real-time subscription implementation for distributed graph systems. \n \n Covers schema-first design with Apollo Federation 2.5+, including entity resolution, subgraph composition, and federation directives \n Provides resolver patterns with DataLoader for N+1 prevention, batching, and caching across distributed architectures \n Includes query complexity analysis, depth limiting, and field-level security to prevent abuse before deployment \n S

Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service vulnerabilities during authorized security tests.

Systematically assessing REST and GraphQL API endpoints against the OWASP API Security Top 10 risks using automated and manual testing techniques.

Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.

Execute and test GraphQL depth limit attacks using deeply nested recursive queries to identify denial-of-service vulnerabilities in GraphQL APIs.

Search Wellfound (formerly AngelList Talent) for startup job postings — supporting the full filter surface (role, location, remote policy, experience level, job type, salary + equity ranges with currency, company size + stage, markets, skills, visa sponsorship, recency, sort, pagination) — and return structured JSON jobs with full company, recruiter, salary/equity, and description data. Read-only.

Search Petfinder for adoptable pets near a location (or by pet ID / organization ID) and return matching listings as structured JSON, including breeds, age, behavior tags, photos, organization contact, and posted date. Read-only — never starts an adoption.

Extract a normalized JSON snapshot of a GitHub pull request — metadata, ordered review timeline, per-file diff annotations with inline review comments (outdated + resolved flags), and check-run / status-context results — primarily via the GitHub REST API with a rendered-HTML fallback for UI-only signals. Read-only.

Given a Best Buy SKU or product URL (and optional ZIP), return current price, online Ship-to-Home availability with ETA, pickup availability at nearby stores within radius, plus product title/brand/model/limit notice. Read-only — never adds to cart or reserves.

Guides stable API and interface design for creating REST or GraphQL endpoints and defining type contracts between modules.