It's definitely possible to write shit in anything. It just seems that writing something more structured, like SQL stored procs and a REST endpoint, means someone had to actually think about what data is coming back, it's structure, and how it's being used and the dev generally had better insight as to where the data was coming from and what values to expect.
There's a lot about graphql that is really cool. It just seems like the way my company uses it is to cut corners.
The same structure thinking etc can and should be done for GQL as well. But same same, once you have project handoff some other team can pick up your nice rest api and not follow existing conventions at all. I've seen far too many rest apis that will do all these variations across the one API: delete /user/comment, post /user/comment?action=delete, post /deleteUserComment, etc.
I'd agree that GQL is definitely one of those "gets used because it was the cool thing at the time" technologies but I still think it has a place in our toolboxes, it's definitely not the right solution for every problem.
There's a lot about graphql that is really cool. It just seems like the way my company uses it is to cut corners.