sast-graphql
CommunityThree-phase GraphQL injection detection for codebases.
System Documentation
What problem does it solve?
GraphQL injection vulnerabilities occur when user-controlled data is embedded into GraphQL operation strings rather than passed solely via variables. This skill provides a structured three-phase workflow to recon GraphQL usage, verify potential injection sites in batches, and merge results into a single report, enabling secure GraphQL implementations.
Core Features & Use Cases
- Three-phase workflow: Recon to locate unsafe operation document assembly sites, batched verification to trace taint through user input, and merge to produce a consolidated findings report.
- Architecture-aware: Requires sast/architecture.md to exist; uses context for accurate targeting and prioritization.
- Output integration: Writes results to sast/graphql-results.md for remediation planning and auditing.
- Use case: Identify and remediate GraphQL document construction vulnerabilities across codebases that dynamically build operation text.
Quick Start
Run the GraphQL injection detection workflow by first performing the sast-analysis to generate architecture context, then execute sast-graphql to produce the phased findings.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: sast-graphql Download link: https://github.com/utkusen/sast-skills/archive/main.zip#sast-graphql Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.