Security risk report for @forgecat/contains-studio_agents_studio-operations v0.1.0
Source Integrity
Low
Profile sourced from the ForgeCat registry with standard metadata; no suspicious external dependencies or other supply-chain risk indicators.
All agent instructions are self-contained within the profile; no instructions to fetch or install external payloads.
Agent Intent
Low
Content describes legitimate business operations (analytics, finance, infrastructure, legal, support) with no instructions to manipulate the AI, exfiltrate data, or reveal system prompts.
Agent descriptions and examples are educational and use-case-focused; they recommend widely used commercial services by their real names (Google Analytics, Stripe, Datadog, etc.), and no typosquatted or backdoored packages are referenced.
No guidance poisoning detected—recommendations for cost optimization, monitoring, and compliance follow established best practices and do not weaken security defaults.
Details
Evidence
infrastructure-maintainer: 'Implementing security best practices', 'Ensuring data encryption at rest and transit'—security-strengthening guidance.
legal-compliance-checker: 'Write clear, comprehensive privacy policies', 'Conducting GDPR readiness assessments'—compliance-focused, no instruction to bypass controls.
support-responder: 'Create comprehensive FAQ documents', 'Identify repetitive questions'—standard support operations.
Permissions
Low
Declared tools (Write, Read, MultiEdit, WebSearch, Grep, Bash) are appropriate to stated functions: documentation creation, data analysis, infrastructure scripting, and compliance review.
No high-risk tool category (shell, file_delete, file_mutate) is granted with alwaysApply=true and globs='**'. The only shell tool, Bash, is declared by the infrastructure-maintainer agent alone, matching its stated responsibility; Bash still confers arbitrary command execution inside that agent's runtime, so containment rests on the host sandbox rather than on the profile.
Authority is narrowly aligned with each agent's purpose—no vague self-expanding rules or excessive subagent delegation.
Details
Evidence
analytics-reporter: Write, Read, MultiEdit, WebSearch, Grep—appropriate for report generation and data analysis.
finance-tracker: Write, Read, MultiEdit, WebSearch, Grep—appropriate for budget and financial document creation.
infrastructure-maintainer: Write, Read, MultiEdit, WebSearch, Grep, Bash—Bash justified for system diagnostics and configuration.
legal-compliance-checker: Write, Read, MultiEdit, WebSearch, Grep—appropriate for policy drafting and research.
support-responder: Write, Read, MultiEdit, WebSearch, Grep—appropriate for documentation and response templates.
MCP Risk
Low
No MCP servers declared in the profile; all agent functionality is implemented via standard tool definitions.
No hidden instructions in tool descriptions; tool purposes are explicit and aligned with agent responsibilities.
Details
Evidence
Profile metadata shows no 'mcp_servers' section.
All tool descriptions are straightforward (Write, Read, WebSearch, Bash); none contains obfuscated text or embedded instructions.
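The permission check in the Permissions section (high-risk tool categories combined with alwaysApply=true and globs='**') and the MCP check (presence of an 'mcp_servers' section) can be expressed as a small linter. The following is an added example, not code from the ForgeCat report or from the reviewed profile; the profile layout it reads (a top-level "agents" list whose entries carry "name", "tools" and optional "alwaysApply"/"globs", plus an optional top-level "mcp_servers" list) is an assumption that mirrors the fields the report names. The two profiles embedded in the block are constructed: one reproduces the tool grants listed in the evidence above, the other is a deliberate counter-example that triggers the rule.

```python
"""Permission linter for an agent profile.

Added example, not code from the ForgeCat report or the profile it reviews.
The profile layout assumed here (top-level "agents" list, each with "name",
"tools" and optional "alwaysApply"/"globs"; optional top-level "mcp_servers")
mirrors the fields the report names and is an assumption.
"""
from dataclasses import dataclass

# Tool -> high-risk category, following the categories the report checks.
HIGH_RISK_TOOLS = {
    "Bash": "shell",
    "Write": "file_mutate",
    "MultiEdit": "file_mutate",
    "Edit": "file_mutate",
    "Delete": "file_delete",
}


@dataclass(frozen=True)
class Finding:
    agent: str
    tool: str
    category: str
    level: str  # "High", "Review" or "Info"
    reason: str


def _globs(agent: dict) -> list[str]:
    # Accept either a single glob string or a list of globs.
    globs = agent.get("globs", [])
    return [globs] if isinstance(globs, str) else list(globs)


def lint_profile(profile: dict) -> list[Finding]:
    """Flag high-risk tools, escalating when they apply unconditionally."""
    findings: list[Finding] = []
    for agent in profile.get("agents", []):
        name = agent["name"]
        unconditional = bool(agent.get("alwaysApply")) and "**" in _globs(agent)
        for tool in agent.get("tools", []):
            category = HIGH_RISK_TOOLS.get(tool)
            if category is None:
                continue  # Read, Grep, WebSearch etc. are not high-risk categories
            if unconditional:
                level, reason = "High", "high-risk tool with alwaysApply=true and globs='**'"
            elif category == "shell":
                level, reason = "Review", "shell grants arbitrary command execution; confirm the agent's sandbox"
            else:
                level, reason = "Info", "file mutation limited to explicit agent invocation"
            findings.append(Finding(name, tool, category, level, reason))
    return findings


def declared_mcp_servers(profile: dict) -> list[str]:
    """Names of MCP servers the profile declares (empty when there is no section)."""
    return [str(s.get("name", "<unnamed>")) for s in profile.get("mcp_servers", [])]


def agents_with_tool(profile: dict, tool: str) -> list[str]:
    """Agents that declare the given tool, e.g. to confirm Bash is scoped to one agent."""
    return [a["name"] for a in profile.get("agents", []) if tool in a.get("tools", [])]


# Constructed profile mirroring the tool grants listed in the report's evidence.
COMMON = ["Write", "Read", "MultiEdit", "WebSearch", "Grep"]
STUDIO_OPERATIONS = {
    "name": "@forgecat/contains-studio_agents_studio-operations",
    "version": "0.1.0",
    "agents": [
        {"name": "analytics-reporter", "tools": COMMON},
        {"name": "finance-tracker", "tools": COMMON},
        {"name": "infrastructure-maintainer", "tools": COMMON + ["Bash"]},
        {"name": "legal-compliance-checker", "tools": COMMON},
        {"name": "support-responder", "tools": COMMON},
    ],
}

# Constructed counter-example: the combination the report says it did NOT find.
UNSCOPED_SHELL = {
    "name": "example/unscoped",
    "agents": [{"name": "helper", "tools": ["Bash", "Write"], "alwaysApply": True, "globs": "**"}],
}

if __name__ == "__main__":
    for profile in (STUDIO_OPERATIONS, UNSCOPED_SHELL):
        print(f"== {profile['name']}  MCP servers: {declared_mcp_servers(profile) or 'none'}")
        for f in lint_profile(profile):
            print(f"  [{f.level}] {f.agent}: {f.tool} ({f.category}) - {f.reason}")
```

Run against the constructed studio-operations profile, the linter reports no High findings, one Review finding (Bash on infrastructure-maintainer) and Info entries for the Write/MultiEdit grants, with no MCP servers declared; the counter-example yields only High findings, because an unconditional alwaysApply/'**' scope turns any shell or file-mutating tool into a standing capability rather than one tied to a specific agent invocation.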