Security risk report for @forgecat/voltagent_awesome-codex-subagents_meta-orchestration v0.0.10
Source Integrity
Low
Profile references a legitimate public GitHub repository (VoltAgent/awesome-codex-subagents) with MIT license and clear attribution.
Installation method uses standard npm/forgecat tooling with no obfuscated or suspicious download mechanics.
Agent Intent
Low
All agent descriptions focus on legitimate orchestration and coordination tasks (task decomposition, error triage, context synthesis, workflow planning) without any instruction to manipulate the parent agent or hide/exfiltrate data.
No prompt-injection language, system-prompt leakage directives, or guidance poisoning is present; agents are designed to help with planning and delegation, not to subvert the parent agent's instructions.
Sandbox mode is set to read-only across all agents, explicitly constraining their authority and preventing file mutation or external exfiltration.
Details
Evidence
agent-installer.md: 'Prioritize minimal installation steps that match user intent' and 'Do not invent plugin/marketplace mechanics' — instructing safe, bounded behavior.
workflow-orchestrator.md: 'Do not assume Codex auto-spawns, auto-synchronizes, or auto-integrates agents without explicit parent-agent instructions' — respecting parent control.
All agents: sandbox_mode: read-only — enforcing no write/delete/shell authority.
Permissions
Low
No tools or hooks are declared in the profile; agents are pure instruction/guidance profiles without executable permissions.
Sandbox mode is uniformly set to read-only, preventing file writes, deletions, shell execution, or network exfiltration.
Authority is limited to planning, analysis, and synthesis — all non-destructive cognitive tasks aligned with stated purpose.