constructive-graphql-codegen

Warn

Audited by Socket on Mar 3, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill's documentation and configuration are coherent with its stated purpose (schema export and code generation). The main security concerns are supply-chain and credential risks associated with PGPM module deployment and ephemeral database provisioning, plus forwarding of Authorization tokens and headers to user-specified endpoints. These behaviors are expected for a tool that introspects databases and endpoints, but they require careful handling: only run against trusted modules/endpoints, avoid using production credentials for introspection, and review any PGPM module code before allowing the generator to deploy it. No explicit malicious code or obfuscated payloads are present in the provided documentation, but capabilities that execute or build third-party module code and that accept raw DB credentials raise moderate supply-chain risk.

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Mar 3, 2026, 08:22 AM
Package URL
pkg:socket/skills-sh/constructive-io%2Fconstructive-skills%2Fconstructive-graphql-codegen%2F@125d6167a705a1b360301378899c4141342d75a4