responsible-vibe
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration requires the installation of an external MCP server from the npm registry using the package name `@codemcp/workflows`.
- [REMOTE_CODE_EXECUTION]: The skill uses `npx -y` to download and execute the `@codemcp/workflows` package at runtime. This allows code from an external, non-whitelisted source to execute on the local system.
- [PROMPT_INJECTION]: The skill is designed to process codebase content for tasks like bug fixing and feature development, which creates a surface for indirect prompt injection attacks where malicious code comments or data in the processed files could influence agent behavior.
- Ingestion points: Project source code, bug reports, and development instructions ingested during the workflow phases.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill files.
- Capability inventory: The required MCP server executes workflows that likely involve reading and writing to the file system.
- Sanitization: There is no evidence of sanitization or validation of the code content before it is processed by the AI agent.
Audit Metadata