codehealth-mcp
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill depends on the @codescene/codehealth-mcp npm package, which is fetched from the registry and executed via npx to provide the MCP server's core functionality.
- [DATA_EXFILTRATION]: The skill requires a CS_ACCESS_TOKEN for communication with the CodeScene platform. It provides clear instructions on secure token handling and uses placeholders in examples to prevent accidental exposure.
- [COMMAND_EXECUTION]: The tools included in this skill perform structural analysis by reading local source files and git metadata to calculate maintainability metrics.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection surface because it processes untrusted local code and git history whose contents are passed to the agent.
- Ingestion points: Local repository files and git history.
- Boundary markers: No specific delimiters or instructions to disregard embedded content are specified.
- Capability inventory: The skill uses npx for execution and instructs the agent to gate developer workflows based on the tool's output, so text embedded in the analyzed files can influence a gating decision.
- Sanitization: No sanitization of the analyzed file content is documented.
Audit Metadata