apollo-federation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. \n
- Ingestion points: The skill reads local GraphQL schema files using
Read,Glob, andGrep. \n - Boundary markers: Absent; the skill does not define specific delimiters to isolate untrusted file content or include explicit instructions for the agent to ignore embedded commands within schemas. \n
- Capability inventory: The skill allows modification of files (
Write,Edit) and execution of CLI tools (Bash(rover:*)), which could be leveraged if an ingested schema contains malicious instructions. \n - Sanitization: No explicit sanitization or input validation for ingested GraphQL data is provided beyond federation composition checks. \n- COMMAND_EXECUTION (SAFE): The skill utilizes the
roverCLI tool via Bash. This access is restricted to therover:*namespace, preventing arbitrary command execution and limiting actions to legitimate Apollo Federation tasks.
Audit Metadata