mcp-codacy
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions, jailbreak attempts, or system prompt overrides were detected in the skill markdown.
- [Data Exposure & Exfiltration] (SAFE): While the skill mentions a 'CODACY_ACCOUNT_TOKEN', it correctly instructs the environment to prompt the user for this input rather than hardcoding a secret.
- [Remote Code Execution] (SAFE): No commands for downloading or executing remote scripts (e.g., curl|bash) were found.
- [Indirect Prompt Injection] (LOW): The skill processes data from Codacy findings. 1. Ingestion points: Prompt templates in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: No executable scripts defined within the skill file itself. 4. Sanitization: Absent.
Audit Metadata