graphql-inspector-validate
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill utilizes `npx` and `npm install` to fetch `@graphql-inspector/cli` from the NPM registry. While this is a standard development tool, it is not from a pre-defined 'Trusted Organization' and the commands do not specify a version, which is a minor security concern regarding supply chain integrity.
- COMMAND_EXECUTION (SAFE): The use of `Bash` is limited to executing the validation tool on local files, which is the primary purpose of the skill.
- PROMPT_INJECTION (LOW): The skill is subject to indirect prompt injection because it processes user-provided GraphQL files.
  - Ingestion points: schema.graphql and other GraphQL documents via the `validate` command.
  - Boundary markers: None provided in the command examples.
  - Capability inventory: Bash, Read, Write, Edit, Glob, Grep.
  - Sanitization: None; the agent interprets the CLI output directly.
Audit Metadata