feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
This commit is contained in:
mukul975
2026-04-06 11:17:40 +02:00
parent e8105a2f4d
commit efca3ec611
754 changed files with 12847 additions and 2832 deletions
@@ -1,19 +1,28 @@
---
name: performing-graphql-introspection-attack
description: >
Performs GraphQL introspection attacks to extract the full API schema including types, queries,
mutations, subscriptions, and field definitions from GraphQL endpoints. The tester uses
introspection queries to map the attack surface, identifies sensitive fields and mutations,
tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities
including batching attacks, alias-based brute force, and nested query DoS. Activates for
requests involving GraphQL security testing, introspection attack, GraphQL enumeration, or
GraphQL API penetration testing.
description: 'Performs GraphQL introspection attacks to extract the full API schema including types, queries, mutations, subscriptions,
and field definitions from GraphQL endpoints. The tester uses introspection queries to map the attack surface, identifies
sensitive fields and mutations, tests for query depth and complexity limits, and exploits GraphQL-specific vulnerabilities
including batching attacks, alias-based brute force, and nested query DoS. Activates for requests involving GraphQL security
testing, introspection attack, GraphQL enumeration, or GraphQL API penetration testing.
'
domain: cybersecurity
subdomain: api-security
tags: [api-security, graphql, introspection, schema-extraction, query-abuse]
tags:
- api-security
- graphql
- introspection
- schema-extraction
- query-abuse
version: 1.0.0
author: mahipal
license: Apache-2.0
nist_csf:
- PR.PS-01
- ID.RA-01
- PR.DS-10
- DE.CM-01
---
# Performing GraphQL Introspection Attack