codacy-automation

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to configure an external MCP server endpoint at https://rube.app/mcp and reference documentation on composio.dev. These are established services for extending AI agent capabilities.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from Codacy.
  • Ingestion points: Data retrieved from the Codacy API via RUBE_MULTI_EXECUTE_TOOL (SKILL.md).
  • Boundary markers: None specified in the instructions to separate external data from agent instructions.
  • Capability inventory: The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH which allow for both read and write operations within the Codacy environment.
  • Sanitization: No sanitization or validation of the data retrieved from external sources is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 04:58 PM
Security Audit — agent-trust-hub — codacy-automation