Skills
skills/jovermier/claude-code-plugins-ip-labs/graphql-workflow/Gen Agent Trust Hub

graphql-workflow

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill includes instructions to run local shell commands such as pnpm codegen, npm run codegen, and rm -rf generated/. These are standard developer operations intended to be run within the user's project environment to manage GraphQL types.
  • [EXTERNAL_DOWNLOADS] (SAFE): Uses curl to verify the availability of a GraphQL backend. This is a common connectivity check and uses placeholders for the endpoint, posing no inherent risk as it does not download or execute remote scripts.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes user-controlled .graphql files and configuration scripts (codegen.ts). While this is a data ingestion surface, the risk is mitigated by the specific technical context of GraphQL operations, and the logic follows standard industry patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:38 PM