graphql-mutation-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process untrusted external content such as GraphQL schemas and API design patterns while having access to high-privilege tools.
  - Ingestion points: User-provided API requirements and schema patterns.
  - Boundary markers: No delimiters or instructions are present to distinguish data from command instructions.
  - Capability inventory: Access to `Write`, `Edit`, and `Bash(curl:*)` allows for file system modification and arbitrary network requests.
  - Sanitization: No sanitization or validation of external content is specified before processing.
- Command Execution (MEDIUM): The inclusion of `Bash(curl:*)` in the allowed-tools metadata provides a network exfiltration or SSRF vector. If an attacker can influence the parameters passed to curl via indirect prompt injection, sensitive data could be sent to external servers or internal services could be probed.
Recommendations
- AI detected serious security threats
Audit Metadata