Security risk report for @forgecat/voltagent_awesome-codex-subagents_business-product v0.0.10
Source Integrity
Low
Profile references a legitimate public GitHub repository (VoltAgent/awesome-codex-subagents) with MIT license and specific commit hash (5b7a405, 2026-03-19).
No hidden or obfuscated external URLs, no typosquatted dependencies, and no instructions to fetch untrusted remote payloads.
Agent Intent
Low
All 11 agent instructions are role-specific guidance for legitimate business/product tasks (requirements analysis, content strategy, project management, etc.) with no prompt-injection language or role-hijacking attempts.
No instructions to read system prompts, reveal hidden instructions, exfiltrate data, or install remote payloads; all agents operate within their declared sandbox modes (read-only or workspace-write).
Guidance is descriptive of best practices (e.g., 'verify every requirement maps to concrete behavior', 'confirm wording avoids implied guarantees') rather than poisoning future outputs with malicious defaults or security-weakening rules.
Details
Evidence
business-analyst.md: 'Do not invent product intent or policy commitments not supported by prompt or repository evidence unless explicitly requested by the parent agent.'
content-marketer.md: 'Do not optimize for persuasion at the expense of technical truth unless explicitly requested by the parent agent.'
technical-writer.md: 'Do not publish speculative behavior descriptions not backed by implementation evidence unless explicitly requested by the parent agent.'
Permissions
Low
Most agents (9/11) operate in read-only sandbox mode, limiting them to analysis and guidance without file mutation or system execution.
Two agents (technical-writer, wordpress-master) declare workspace-write mode, which is appropriate for their stated functions (drafting documentation and implementing WordPress fixes) and scoped to their domain.
No agents declare shell, file_delete, or unrestricted network access; no alwaysApply rules with broad globs.
Details
Evidence
technical-writer.md: 'sandbox_mode: workspace-write' — appropriate for drafting and revising documentation artifacts.
wordpress-master.md: 'sandbox_mode: workspace-write' — appropriate for implementing WordPress theme/plugin/config changes.
All other agents: 'sandbox_mode: read-only' — analysis-only, no mutation authority.
MCP Risk
Low
No MCP servers are declared in the profile; all agents are Codex-native subagents with no external tool definitions or binary execution.
No hidden instructions in tool descriptions, no arbitrary binary execution, and no unrestricted network/filesystem access.
Details
Evidence
Profile declares 'Dependencies: None' and 'MCP servers (untrusted data): (none)'.