radon-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests untrusted data from external sources.
      • Ingestion points: Data enters the agent's context through the view_application_logs, view_network_logs, and view_network_request_details tools, which fetch logs and network traffic from a running application.
      • Boundary markers: The skill does not provide explicit instructions or delimiters to isolate ingested data from the system prompt or to ignore potential instructions embedded within the logs or network responses.
      • Capability inventory: The skill has the capability to trigger application rebuilds or native process restarts via reload_application and perform network queries to the Radon AI backend.
      • Sanitization: While the view_network_request_details tool redacts sensitive headers (e.g., auth, cookie, token), it does not sanitize logs or response bodies for injection patterns.
  • [COMMAND_EXECUTION]: The reload_application tool enables the agent to execute system-level actions such as native process restarts and full native rebuilds within the development environment.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 22, 2026, 01:22 PM