graphile-worker

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • SAFE (SAFE): The skill serves as a technical reference for the Graphile Worker library. Analysis across all 10 threat categories shows no signs of prompt injection, obfuscation, or malicious exfiltration.
  • Indirect Prompt Injection Surface (LOW): As a job queue management skill, it naturally handles external data (job payloads). The documentation correctly identifies 'Huge Payloads' as a risk and recommends passing IDs/references instead of full objects, which serves as a security mitigation for data integrity and performance.
  • Dependency Analysis (SAFE): The skill references 'graphile-worker', which is a standard industry package for PostgreSQL job queues. It does not attempt to install untrusted third-party packages.
  • Best Practices Enforcement (SAFE): The validation rules in references/validations.md specifically target and prevent dangerous coding patterns such as synchronous blocking operations (execSync) and swallowing errors in asynchronous tasks, which improves the overall security posture of the agent using this skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:26 PM