graphql
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): Identified a vulnerability surface where untrusted data enters the agent context. (1) Ingestion points: ExecuteTaskInput message field in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: Bash, Write, and Edit tools enabled in frontmatter. (4) Sanitization: Absent in the provided templates.
- [SAFE] (SAFE): The provided code snippets for Python (Strawberry), Node.js (Apollo), and React are standard boilerplate for GraphQL development with no detected malicious patterns, obfuscation, or unauthorized network operations.
Audit Metadata