constructive-graphql-codegen
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `npx` to execute the `@constructive-io/graphql-codegen` tool for generating React Query hooks, ORM clients, and CLI interfaces from GraphQL sources.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@constructive-io/graphql-codegen` package from the npm registry, which is a resource owned and maintained by the skill author.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its generation of `AGENTS.md` and the `skills/` directory from external GraphQL schemas.
  - Ingestion points: Schema data is retrieved from GraphQL endpoints, local schema files, and live PostgreSQL databases.
  - Boundary markers: No specific delimiters or instructions to ignore embedded instructions are identified in the generated documentation output intended for agent consumption.
  - Capability inventory: The skill includes the ability to write generated code and documentation to the local filesystem and provides a framework for executing generated CLI commands.
  - Sanitization: There is no evidence of sanitization of GraphQL metadata, such as field or type descriptions, before it is used to generate documentation for AI agents.
Audit Metadata