building-graphql-server
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE. Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a restricted Bash tool ('api:graphql-*') to generate project scaffolding and boilerplate code. This is an intended capability but requires trust in the input specifications used during the generation process.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of external specification files.
  - Ingestion points: API specifications are read from the '{baseDir}/api-specs/' directory (SKILL.md).
  - Boundary markers: No explicit markers are used to isolate ingested data from agent instructions.
  - Capability inventory: The agent has access to 'Bash', 'Write', and 'Edit' tools (SKILL.md), which are used to implement logic based on ingested data.
  - Sanitization: There is no evidence of sanitization or validation of the input data before it influences code generation.
Audit Metadata