skills/aidotnet/opendeepwiki/graphify/Gen Agent Trust Hub

graphify

Warn

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the graphifyy Python package from PyPI and clones remote repositories from user-provided GitHub URLs.
  • [REMOTE_CODE_EXECUTION]: Clones and executes extraction logic against untrusted external repositories.
  • [COMMAND_EXECUTION]: Installs a git post-commit hook for automated execution and modifies the local CLAUDE.md to persist instructions across agent sessions.
  • [PROMPT_INJECTION]: Processes untrusted files and repository content through LLM subagents, making it vulnerable to indirect prompt injection from malicious data.
  • [CREDENTIALS_UNSAFE]: Requests or handles Neo4j database credentials via command-line arguments.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 03:25 AM
Security Audit — agent-trust-hub — graphify