Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted
Low
Vulnerability Details
Hi team,
I don't know your policy about pentesters (about their visibility on the platform), but I couldn't find any other pentesters before.
1) For example:
GraphQL has the `h1_pentester` attribute that would explicitly point us to the pentester, but if we make a query, it doesn't reveal the pentester to us.
https://hackerone.com/graphql
POST
`{"query":"query { user(username:\"███\"){username,h1_pentester}}","variables":{}}`
Answer:
`{"data":{"user":{"username":"███████","h1_pentester":null}}}`
As we can see, I can't say that he is a pentester. And if I understand the policy correctly in this situation, H1 does not disclose to others who the pentester is.
2) PoC:
https://hackerone.com/graphql
POST
`{"query":"query { pentester_profiles{total_count,nodes{skills{nodes{name}},state,user{username}}}}","variables":{}}`
Answer:
`{"data":{"pentester_profiles":{"total_count":8,"nodes":[{"skills":{"nodes":[{"name":"Web Applications"},{"name":"Mobile Applications"},{"name":"Native Applications"},{"name":"Android"},{"name":"iOS"},{"name":"API"}]},"state":"approved","user":{"username":"█████"}},{"skills":{"nodes":[{"name":"Web Applications"},{"name":"Mobile Applications"},{"name":"Network Security"},{"name":"Android"},{"name":"iOS"},{"name":"API"},{"name":"Web applications"}]},"state":"approved","user":{"username":"██████"}},{"skills":{"nodes":[{"name":"Web Applications"},{"name":"Mobile Applications"},{"name":"Native Applications"},{"name":"Network Security"},{"name":"Android"},{"name":"iOS"},{"name":"API"}]},"state":"approved","user":{"username":"█████"}},{"skills":{"nodes":[{"name":"Mobile Applications"},{"name":"Web Applications"},{"name":"Android"}]},"state":"approved","user":{"username":"nahamsec"}},{"skills":{"nodes":[{"name":"Web Applications"},{"name":"Mobile Applications"},{"name":"Native Applications"},{"name":"Network Security"},{"name":"Android"},{"name":"iOS"},{"name":"API"}]},"state":"approved","user":{"username":"███████"}},{"skills":{"nodes":[{"name":"Mobile Applications"},{"name":"Native Applications"},{"name":"Web Applications"},{"name":"Windows Mobile"},{"name":"Android"},{"name":"API"}]},"state":"approved","user":{"username":"██████"}},{"skills":{"nodes":[{"name":"Web Applications"},{"name":"Android"},{"name":"API"}]},"state":"approved","user":{"username":"fisher"}},{"skills":{"nodes":[]},"state":"approved","user":{"username":"haxta4ok00"}}]}}}`
As far as I can tell from the GraphQL response, there are only 8 approved pentesters on the platform. Also, I see their skills. Maybe it makes sense if I find out about the pentester when I start participating in the pentest, but we can find out about them without participating in the pentest. If I made a mistake in this direction, please let me know, since I am not familiar with the pentester policy and I will close the report myself, thank you!
For the HackerOne triager: I'm not sure that you will be able to reproduce this query, I think you need to have the role `h1_pentester`, thank you!
## Impact
Disclosed pentesters
Report Stats
- Report ID: 958374
- State: Closed
- Substate: resolved
- Upvotes: 73
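
The mismatch the report describes (the `h1_pentester` field returns null while the `pentester_profiles` list returns the same people) is what happens when authorization sits on one query path instead of on the object. The following is an added example, not part of the original report and not HackerOne's code: a small Python model with a role-gated list resolver beside an object-checked one, plus a regression check that compares the two paths. The visibility policy (own profile or a shared pentest), all function names and the sample profiles are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Viewer:
    username: str
    pentests: frozenset = frozenset()   # ids of pentests the viewer takes part in

@dataclass(frozen=True)
class Profile:
    username: str
    skills: tuple
    pentests: frozenset

# Constructed sample data; usernames are placeholders.
PROFILES = [
    Profile("pentester-a", ("Web Applications", "API"), frozenset({1})),
    Profile("pentester-b", ("Android", "iOS"), frozenset({1, 2})),
    Profile("pentester-c", ("Network Security",), frozenset({2})),
]
BY_NAME = {p.username: p for p in PROFILES}

def can_see(viewer, profile):
    """Assumed policy: your own profile, or a pentest you share."""
    return viewer.username == profile.username or bool(viewer.pentests & profile.pentests)

def user_field(viewer, username):
    """user(username){h1_pentester}: null unless the object rule allows it."""
    p = BY_NAME.get(username)
    return {"username": username, "h1_pentester": True if p and can_see(viewer, p) else None}

def _connection(profiles):
    nodes = [{"skills": list(p.skills), "state": "approved",
              "user": {"username": p.username}} for p in profiles]
    return {"total_count": len(nodes), "nodes": nodes}

def profiles_role_gated(viewer):
    """Before (assumed): checks only that the caller is a pentester, returns every row."""
    return _connection(PROFILES if viewer.username in BY_NAME else [])

def profiles_object_checked(viewer):
    """After: same rule as user_field per node; total_count is taken after filtering."""
    return _connection([p for p in PROFILES if can_see(viewer, p)])

def path_mismatches(viewer, list_resolver):
    """Usernames the list path reveals although the field path hides them."""
    listed = {n["user"]["username"] for n in list_resolver(viewer)["nodes"]}
    return sorted(u for u in listed if user_field(viewer, u)["h1_pentester"] is None)
```

Running `path_mismatches` for each role in an API test suite catches any list or connection that exposes objects the single-object path withholds, including through `total_count`.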