GraphQL Schema Drift Detector
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes remote schema data which could serve as a vector for indirect prompt injection. * Ingestion points: Fetches live GraphQL schema definitions via introspection queries and API integrations (Apollo Studio, Hasura Metadata API). * Boundary markers: No specific boundary markers or 'ignore' instructions are provided in the skill text to delimit external schema content from agent instructions. * Capability inventory: Compares schema versions and generates formatted reports (Markdown, JSON, Slack notifications). * Sanitization: No explicit sanitization or validation of the fetched schema strings is documented.
- [EXTERNAL_DOWNLOADS]: Mentions the use of graphql-inspector and references the official GraphQL repository on GitHub. These references are consistent with the skill's functionality and use trusted, well-known sources.
- [COMMAND_EXECUTION]: Provides standard installation commands via npx and clawhub referencing the author's own distribution points (agentskillexchange).
Audit Metadata