graphql
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues were detected across the 10 threat categories. The skill is primarily educational and provides boilerplate code for GraphQL implementations.
- [DATA_EXPOSURE_AND_EXFILTRATION] (SAFE): No credentials, sensitive file paths, or unauthorized network operations were identified. Code snippets demonstrate local data source integration without exposing secrets.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote code download or execution patterns (e.g., curl|bash) were found in the scripts or documentation.
- [DYNAMIC_EXECUTION] (SAFE): The validation script correctly uses yaml.safe_load() to parse configuration files, mitigating risk from malicious YAML payloads. No use of eval(), exec(), or other unsafe dynamic sinks was found.
- [PROMPT_INJECTION] (SAFE): The instructions are instructional and do not attempt to override the underlying agent's safety guidelines or system instructions.
- [METADATA_POISONING] (SAFE): While there is a minor version mismatch between SKILL.md (2.1.0) and config.yaml (1.0.0), this appears to be a documentation oversight rather than a deceptive attempt to hide capabilities.
Audit Metadata