graphql-expert
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions include 'Iron Laws' and 'Anti-Patterns' that mandate critical security practices for GraphQL production environments, including query depth limiting and disabling schema introspection to prevent reconnaissance and Denial of Service (DoS) attacks.
- [SAFE]: The provided JavaScript files (main.cjs, pre-execute.cjs, post-execute.cjs) contain only benign logic for help menus, metrics recording, and basic input validation. They do not perform any network operations or suspicious file system access.
- [SAFE]: The 'Memory Protocol' section uses a standard local file read operation (cat .claude/context/memory/learnings.md) to maintain persistent state across agent sessions, which is an expected behavior in many agentic environments.
- [SAFE]: No signs of prompt injection, data exfiltration, obfuscation, or unauthorized remote code execution were found during the analysis of the 10 files provided.
Audit Metadata