apollo-kotlin
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill includes scripts that connect to GitHub to retrieve version information via 'git ls-remote'. These connections are directed at the official apollographql repositories, which is a standard and safe practice for dependency management.
- COMMAND_EXECUTION (SAFE): The provided Bash scripts are limited to benign metadata retrieval tasks. The skill instructs the agent to use standard Gradle tasks for schema downloading and project management, which is the expected behavior for this toolset.
- PROMPT_INJECTION (SAFE): Although the skill processes external GraphQL schema and operation files, this functionality is essential to its primary purpose as a GraphQL development aid. No malicious instructions or safety bypass attempts were found within the skill's content.
- DATA_EXFILTRATION (SAFE): No evidence of sensitive data access or exfiltration was found. The skill does not access credentials, SSH keys, or private environment files and only communicates with specified GraphQL endpoints and official code repositories.
Audit Metadata