Security risk report for @forgecat/contains-studio_agents_product v0.1.0
Source Integrity
Low
Profile originates from a declared GitHub repository (contains-studio/agents) with clear attribution and version tracking.
No evidence of supply-chain tampering, typosquatted dependencies, or malicious package substitution.
Agent Intent
Low
Content describes legitimate product-management workflows (feedback synthesis, sprint planning, trend research) without instructing the AI to ignore system instructions, exfiltrate data, or perform malicious actions.
No prompt injection, system prompt leakage, or guidance poisoning detected; the agent instructions are domain-specific best practices for product analysis, not security-weakening or attacker-serving directives.
Examples and use cases are descriptive and educational, illustrating normal product team collaboration patterns rather than manipulating the AI's behavior.
Details
Evidence
feedback-synthesizer: 'Your superpower is finding signal in the noise, identifying patterns humans miss' — describes analysis capability, not instruction to bypass controls.
sprint-prioritizer: 'RICE scoring', 'Value vs Effort matrices' — standard product frameworks, no malicious guidance.
trend-researcher: 'Monitor TikTok, Instagram Reels' — legitimate market research, no instruction to hide behavior or exfiltrate data.
Permissions
PRM-000 Medium
The feedback-synthesizer agent declares 'WebFetch' alongside Read/Write/Grep/MultiEdit, enabling external URL fetching, which is broader than pure local feedback analysis requires.
The trend-researcher agent declares 'WebSearch' and 'WebFetch', which is appropriate for trend research but represents external network access that should be noted.
Write and MultiEdit permissions across agents allow file modification; while plausible for report generation, this is broader than read-only analysis tasks.
No MCP servers are declared or configured in this profile; all agent functionality is described in markdown instructions without external binary execution or server definitions.
No hidden instructions in tool descriptions, no arbitrary binary execution, and no unrestricted network or filesystem access via MCP.
Agent instructions are self-contained and do not reference external MCP endpoints or require environment credentials.
All three agents (feedback-synthesizer, sprint-prioritizer, trend-researcher) are defined as markdown instruction sets with declared tool categories, not MCP server binaries.