Security risk report for @forgecat/anthropics_claude-plugins-official_code-review v0.0.2
Source Integrity
Low
Profile is sourced from Anthropic's official claude-plugins-official repository on GitHub.
Metadata clearly attributes origin and provides commit hash (cf62a6c) for verification.
Agent Intent
Low
Content describes a legitimate code review automation workflow with no instructions to manipulate the AI agent or bypass its constraints.
No directives to read credentials, exfiltrate data, reveal system prompts, or install malicious payloads.
Guidance on confidence scoring and false-positive filtering is standard software engineering practice, not poisoning.
Details
Evidence
README documents the multi-agent architecture and confidence threshold (80) as a feature to reduce false positives.
commands/code-review.md provides explicit step-by-step instructions for legitimate code review tasks using GitHub CLI.
No hidden instructions or role-hijacking language present.
Permissions
PRM-000Medium
Allowed tools are restricted to read-only and comment-posting `gh` subcommands, which is well-scoped for a PR review workflow.
The `gh pr comment` permission allows writing to GitHub, which is a medium-risk write action, but it is directly necessary for posting review feedback and is narrowly scoped.
No shell execution beyond specific `gh` subcommands, no file-write or file-delete tools, and no broad filesystem or network access are requested.
'disable-model-invocation: false' — sub-agent invocation is enabled, which is expected for the multi-agent architecture but adds a layer of delegated authority
MCP Risk
Low
No MCP servers are defined in the profile.
No hidden tool descriptions or arbitrary binary execution risk.