graphql
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and analyze untrusted GraphQL schema definitions, resolver implementations, and server configurations.
- Ingestion points: The workflow identifies and processes a wide range of code files, including `**/*.graphql`, `**/schema.*`, and `**/resolvers/**`, as primary data sources.
- Boundary markers: The skill's workflow for manual and automated analysis does not define specific delimiters, nor does it tell the agent to ignore instructions embedded within the analyzed code comments or metadata.
- Capability inventory: The skill utilizes command-line execution for security scanners and performs manual interpretation of code logic, which can be influenced by malicious content in the target files.
- Sanitization: No explicit sanitization or validation of the code content is performed before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill executes external CLI tools, specifically `semgrep` and `graphql-cop`, to perform its auditing tasks.
- [DATA_EXFILTRATION]: The skill includes functionality to analyze live GraphQL endpoints using `graphql-cop`, which involves making network requests to potentially non-whitelisted external domains. While this is the intended primary purpose of the tool, it represents an active network operation surface.