magento-graphql

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Technical instructions and code snippets follow standard Magento and headless commerce development patterns. The provided TypeScript and PHP examples are structurally correct and reflect industry standards for GraphQL API interaction and Magento module architecture.
  • [SAFE]: The skill promotes security awareness by recommending httpOnly cookies for session tokens instead of local storage, which significantly reduces the risk of token theft via Cross-Site Scripting (XSS). Additionally, it advocates for the use of environment variables to manage sensitive backend URLs and store codes.
  • [SAFE]: Analysis for indirect prompt injection surfaces found no exploitable vulnerabilities beyond the inherent surface of processing API data.
      • Ingestion points: The skill fetches product data and customer reviews from the Magento API (SKILL.md).
      • Boundary markers: Standard API fetching code is used without specific prompt delimiters.
      • Capability inventory: No high-risk capabilities like arbitrary command execution or file system writes are present.
      • Sanitization: Data is handled as standard JSON, with security recommendations focusing on transport and storage.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 12:48 PM