graphify
Warn
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the graphifyy Python package from PyPI and clones remote repositories from user-provided GitHub URLs.
- [REMOTE_CODE_EXECUTION]: Clones and executes extraction logic against untrusted external repositories.
- [COMMAND_EXECUTION]: Installs a git post-commit hook for automated execution and modifies the local CLAUDE.md to persist instructions across agent sessions.
- [PROMPT_INJECTION]: Processes untrusted files and repository content through LLM subagents, making it vulnerable to indirect prompt injection from malicious data.
- [CREDENTIALS_UNSAFE]: Requests or handles Neo4j database credentials via command-line arguments.
Audit Metadata