graphql-codegen
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security vulnerabilities detected across all 10 threat categories.
- Prompt Injection: No attempts to override agent behavior or bypass safety filters were found in the skill or metadata.
- Data Exposure & Exfiltration: No hardcoded credentials or access to sensitive local files (like SSH keys or AWS credentials) were detected. Network examples use local host addresses for debugging.
- Unverifiable Dependencies: The skill recommends standard, well-known industry packages from the NPM registry (@graphql-codegen/cli, etc.).
- Dynamic Execution: Python scripts included in the skill (validate.py) use
yaml.safe_load()to prevent unsafe deserialization attacks. - Persistence & Privilege Escalation: No commands related to persistence (crontab, shell profiles) or privilege escalation (sudo, chmod 777) were found.
Audit Metadata