apollo-mcp-server
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation of the Apollo MCP Server using scripts from the vendor's official domain (
mcp.apollo.dev). This is documented as the standard setup procedure for the service and is considered a trusted vendor resource.\n- [COMMAND_EXECUTION]: The skill utilizes command-line tools includingapollo-mcp-server,rover, andnpxto manage GraphQL operations and server connectivity, which is consistent with its stated purpose.\n- [CREDENTIALS_UNSAFE]: The documentation provides best practices for using environment variable expansion (${env.VAR_NAME}) to handle sensitive information likeAPOLLO_KEYandAPI_TOKEN, preventing the exposure of credentials in static configuration files.\n- [PROMPT_INJECTION]: Analysis of the instructions reveals no attempts to override agent behavior, extract system prompts, or bypass safety guidelines. The provided guidance is strictly operational.
Audit Metadata