EF supports three types of queries( LINQ-to-Entities, Entity SQL , and
LINQ-to-Entities queries are safe. This type of queries are not composed by using string manipulation, which makes it safe against SQL injection attacks.
Entity SQL and Native SQL are susceptible to SQL injection attacks. To safeguard your data, you must use parameterized queries instead of injecting literals from an external agent directly.
To learn all three types of queries visit here.
Read Microsoft documentation for complete EF security considerations.