Security risk report for @forgecat/voltagent_awesome-codex-subagents_infrastructure v0.0.10
Source Integrity
Low
Profile references a legitimate public GitHub repository (VoltAgent/awesome-codex-subagents) with clear attribution and MIT license.
Commit hash and version tracking provide supply-chain transparency; no obfuscated or suspicious source indicators.
Agent Intent
Low
All 16 agent instructions focus on legitimate infrastructure engineering practices (deployment, Kubernetes, Terraform, incident response, etc.) with no prompt-injection, role-hijacking, or credential-exfiltration directives.
Instructions emphasize production-safety, operability, and rollback safety—standard best practices for infrastructure work; no guidance poisoning or malicious knowledge injection detected.
No directives to reveal system prompts, tool definitions, or conversation memory; no instructions to fetch external URLs, install remote payloads, or hide/deny instructions.
Details
Evidence
All agents follow a consistent, safety-focused working mode: 'Map the affected operational path → Distinguish facts from assumptions → Implement smallest coherent action → Validate behavior and recovery paths.'
Representative quote (azure-infra-engineer): 'Favor the smallest defensible recommendation or change that restores reliability, preserves security boundaries, and keeps rollback options clear.'
No agent instructions contain language like 'ignore previous instructions', 'read ~/.ssh', 'exfiltrate', 'disable TLS', or other malicious directives.
Two agents (deployment-engineer, devops-engineer) request workspace-write sandbox mode, which is appropriate for their stated functions (deployment workflow changes, CI/CD pipeline modifications).
No agents request shell, file_delete, or unrestricted filesystem access; no alwaysApply=true rules with glob='**' patterns.