graphql-expert-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions to override agent behavior or bypass safety constraints were found. The content is strictly educational and instructional for API design.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. The skill specifically warns against patterns that could lead to data exposure, such as field overloading.
- [Obfuscation] (SAFE): The content is clear and uses standard Markdown formatting. No hidden characters, Base64 encoding of commands, or homoglyphs were identified.
- [Remote Code Execution] (SAFE): The skill does not perform any remote script downloads or dynamic code execution. It contains TypeScript and GraphQL code snippets for illustrative purposes only.
- [Indirect Prompt Injection] (SAFE): While the skill provides instructions for the agent to follow when reviewing code, it does not ingest untrusted external data in a way that would trigger a vulnerability. The 'Real-World Attack Example' in the NoSQL injection section is clearly labeled as a vulnerability to avoid.
- [Persistence Mechanisms] (SAFE): No attempts to modify system configuration or establish persistence were found.