Security risk report for @forgecat/anthropics_claude-plugins-official_agent-sdk-dev v0.0.3
Source Integrity
Low
Profile is sourced from official Anthropic repository (https://github.com/anthropics/claude-plugins-official), a trusted first-party source.
Metadata clearly attributes authorship to Anthropic and references the original repository commit.
Agent Intent
Low
Content describes legitimate SDK development workflows and verification processes without attempting to manipulate the AI agent.
Instructions to agents (verifier-py, verifier-ts, new-sdk-app) are constructive guidance for code review and scaffolding, not prompt injection or system prompt leakage.
No instructions to read credentials, exfiltrate data, ignore previous instructions, or hide/deny the agent's own instructions.
References to WebFetch and WebSearch are for legitimate documentation lookup, not for exfiltration or unauthorized access.
Details
Evidence
Verifier agents are instructed to 'thoroughly inspect' and 'validate' SDK applications against official patterns—standard code review behavior.
new-sdk-app command explicitly instructs: 'Ensure API keys are not hardcoded in source files' and 'Verify .env is in .gitignore'—security-positive guidance.
No paraphrased or obfuscated malicious instructions detected; all guidance aligns with official SDK best practices.
Permissions
Low
No tool definitions or MCP servers are declared in this profile; agents rely on standard Claude capabilities (WebFetch, WebSearch, file operations within user context).
Requested operations (creating project files, running type checkers, reading documentation) are scoped to the user's project directory and public documentation.
No shell execution, file deletion, or unrestricted filesystem access is demanded beyond normal development workflows.
Verifier agents are instructed to 'Read the relevant files' and 'Run npx tsc --noEmit'—standard development tasks, not excessive agency.
MCP Risk
Low
No MCP servers are defined or embedded in this profile.
Profile documents how to integrate MCP servers (custom tools) but does not install or execute any hidden MCP payloads.
Guidance on MCP integration is educational and references official SDK documentation.
Details
Evidence
MCP section in verifier agents states: 'Validate MCP server integration if present' and 'Custom tools (MCP) are correctly integrated if present'—verification, not installation.
No tool descriptions contain hidden instructions or arbitrary binary execution.