graph-query

Fail

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The setup instructions mandate cloning a repository from an untrusted GitHub organization ('23blocks-OS/ai-maestro-plugins') and executing a shell script ('./install-graph-tools.sh'). This allows for arbitrary code execution on the host system during the installation phase.
  • Indirect Prompt Injection (LOW): The skill possesses a data ingestion surface (codebase indexing) and command execution capabilities, making it theoretically susceptible to instructions embedded in analyzed code.
      • Ingestion points: Local codebase files processed and indexed by 'graph-index-delta.sh'.
      • Boundary markers: No delimiters or instructions to ignore embedded content are provided in the skill body.
      • Capability inventory: Multiple shell scripts (e.g., 'graph-describe.sh', 'graph-find-callers.sh') are used to query the graph and present data to the agent.
      • Sanitization: There is no documented mechanism for sanitizing or validating codebase content before it influences agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 23, 2026, 01:29 AM