GraphQL Schema Registry Client
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill consists exclusively of markdown documentation and contains no executable code or scripts that would be directly executed in the environment.
- [SAFE]: The skill references well-known technology organizations and standard industry tools. All external resources, such as the Apollo Registry and GraphQL repositories, are legitimate within the context of GraphQL development.
- [PROMPT_INJECTION]: The skill provides a surface for processing untrusted external data (GraphQL schemas) which represents a potential indirect prompt injection vector. 1. Ingestion points: GraphQL schemas sourced from the Apollo Schema Registry or local file system. 2. Boundary markers: The skill does not explicitly define markers to separate untrusted data from agent instructions. 3. Capability inventory: The skill involves executing CLI tools (rover, graphql-inspector) based on the input data. 4. Sanitization: No specific agent-level sanitization is described beyond the standard parsing performed by the CLI tools.
Audit Metadata