data-client-graphql-setup
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions include installing @data-client/graphql via npm, yarn, or pnpm. This package is not from a 'Trusted Source' organization, which introduces a possible supply chain vulnerability.
- DATA_EXFILTRATION (MEDIUM): The file 'references/auth.md' contains a directory traversal reference (../../../../docs/graphql/auth.md). This pattern is a significant security concern for AI agents as it can be used to bypass directory restrictions and access sensitive host files.
Audit Metadata