codacy-automation
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to configure an external MCP server endpoint at
https://rube.app/mcpand reference documentation oncomposio.dev. These are established services for extending AI agent capabilities. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from Codacy.
- Ingestion points: Data retrieved from the Codacy API via
RUBE_MULTI_EXECUTE_TOOL(SKILL.md). - Boundary markers: None specified in the instructions to separate external data from agent instructions.
- Capability inventory: The skill uses
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCHwhich allow for both read and write operations within the Codacy environment. - Sanitization: No sanitization or validation of the data retrieved from external sources is described.
Audit Metadata