security-review-owasp-graphql

Community

Audit GraphQL auth and query abuse

Authorsjinks
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps you review GraphQL services for weaknesses that expose sensitive data or overload production systems, including resolver-level authorization gaps, expensive query shapes, batching abuse, and downstream injection paths.

Core Features & Use Cases

  • Schema and resolver review: Inspect queries, mutations, subscriptions, and field-level access control instead of relying only on top-level route authentication.
  • Abuse-path analysis: Evaluate depth, complexity, pagination, introspection, batching, and error handling for practical exploitation risk.
  • Evidence-based findings: Produce concrete security findings tied to code, configuration, tests, or observable behavior, with minimal remediation guidance.
  • Use case: A reviewer can assess a GraphQL API before release to confirm that sensitive fields are gated and that expensive queries cannot be abused.

Quick Start

Use the security-review-owasp-graphql skill to review the selected GraphQL schema, resolvers, and production settings for authorization gaps, query abuse, and downstream injection risks.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: security-review-owasp-graphql
Download link: https://github.com/sjinks/ai-owasp-skillset/archive/main.zip#security-review-owasp-graphql

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.