apollo-router
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security model for GraphQL supergraph configuration. It provides a dedicated validation checklist in
validation/checklist.mdthat checks for common misconfigurations such as active introspection, enabled sandbox, or wildcard CORS in production environments. - [SAFE]: Secret management is handled correctly. The instructions and templates (e.g.,
templates/v2/production.yaml) consistently use shell environment variable expansion (${env.VAR}) for sensitive data likeAPOLLO_KEY,JWKS_URL, andJWT_ISSUER, preventing hardcoded credentials in configuration files. - [SAFE]: The skill uses version-aware logic to ensure configuration correctness between Apollo Router v1 and v2, reducing the risk of security regressions during migration.
- [SAFE]: The included references and templates for Rhai scripts and coprocessors provide standard, safe implementation patterns for extending router functionality without introducing malicious execution vectors.
- [SAFE]: External references and documentation URLs point to official
apollographql.comdomains, which are consistent with the skill's author metadata.
Audit Metadata