apollo-mcp-server

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH
[EXTERNAL_DOWNLOADS] [REMOTE_CODE_EXECUTION] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download installation and configuration scripts from https://mcp.apollo.dev/download/nix/latest (Linux/macOS) and https://mcp.apollo.dev/download/win/latest (Windows). These resources are hosted on the official domain of the vendor, Apollo GraphQL.
  • [REMOTE_CODE_EXECUTION]: The recommended installation method involves piping remote script content directly into shell interpreters (curl | sh for Unix-like systems and iwr | iex for Windows). This allows for the execution of arbitrary code from the vendor's server during the setup process.
  • [COMMAND_EXECUTION]: The skill configuration allows the AI agent to execute local system commands. This includes the use of npx and the rover CLI as specified in the allowed-tools metadata, as well as the execution of the apollo-mcp-server binary itself.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and execute GraphQL operations from external or untrusted sources.
      • Ingestion points: The server reads GraphQL operations from local directories (./operations/), manifest files, and remote GraphOS collections via specified IDs.
      • Boundary markers: There are no built-in boundary markers or instructions for the agent to ignore embedded commands within the GraphQL files. The documentation manually recommends setting mutation_mode: explicit as a mitigation strategy.
      • Capability inventory: The built-in execute tool provides the capability to perform both data retrieval (queries) and data modification (mutations) on the connected GraphQL API.
      • Sanitization: While the skill provides a validate tool to ensure schema compliance, it does not provide mechanisms to sanitize the intent of the operations to prevent prompt-driven manipulation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://mcp.apollo.dev/download/nix/latest - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 21, 2026, 04:35 AM