radon-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a best-practices guide for internal IDE tools designed for developer debugging. All functionality is scoped to the developer's application environment and workspace.
- [COMMAND_EXECUTION]: The reload_application tool allows the agent to trigger application reloads, process restarts, and full native rebuilds. These are standard operations within a development workflow for React Native and Expo.
- [PROMPT_INJECTION]: The skill provides the agent with access to data generated by a running application, which creates a surface for indirect prompt injection if the application outputs malicious content.
  - Ingestion points: Tools such as view_application_logs and view_network_logs ingest console output and network traffic from the app.
  - Boundary markers: The instructions do not define specific delimiters to isolate external application data from the agent's internal instructions.
  - Capability inventory: The agent can trigger application reloads (reload_application) and fetch information from remote documentation services (query_documentation).
  - Sanitization: The view_network_request_details tool implements a security measure to redact sensitive headers, such as authorization tokens and secrets, before the agent processes the request details.