The VPN app will be able to see some basic info about what device it is running on. It will also be able to see all network traffic on your phone. This is why you should never blindly trust a VPN provider. Always assume they are hostile and collect everything they can.
You can prevent all your traffic from being seem by the VPN by using HTTPS encryption at all times. Even then, the domain names of the sites you visit will be known by the VPN (but not the specific pages.)
The VPN will not be able to see texts sent over SMS although that's already seen by the cellular provider. If texts/calls take place over WiFi, then the VPN will see them if they are not encrypted. I imagine most WiFi calling services are encrypted but I'm not sure. Encrypted messaging apps like Signal would stay private, though your VPN will know you are using Signal.
In GrapheneOS and I think even in regular Android, no app can manipulate or see the contents of another app except with permission. The app itself is not the main privacy risk, it's the fact that 100% of your Internet traffic is now flowing through the VPN that is the issue.