graphql-implementation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions, role-play overrides, or safety bypass attempts were detected.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were identified. The best practices section explicitly warns against returning sensitive data without authorization.
- [Obfuscation] (SAFE): No encoded strings, zero-width characters, or hidden content were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references standard libraries (Apollo Server, Graphene) but does not perform any remote script execution or download untrusted packages.
- [Indirect Prompt Injection] (LOW): The skill defines API surfaces that ingest untrusted data (GraphQL queries/mutations). While this represents a potential attack surface for an implemented agent, the skill itself provides instructions for input validation and error handling to mitigate such risks.
Audit Metadata