skf-forger

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external content (source code, documentation, and developer discourse) to generate instructions, creating a surface for indirect prompt injection.
      • Ingestion points: Analyzes local file systems and remote repositories via GitHub URLs and package registries (Capability QS).
      • Boundary markers: No explicit delimiters are specified in the instructions to separate ingested data from the agent's operational logic.
      • Capability inventory: The skill can modify environment-level configuration files such as .cursorrules, CLAUDE.md, and AGENTS.md (Capability EX), which directly influence the behavior of other AI agents.
      • Sanitization: No mention of content sanitization or validation for the strings parsed from ingested repositories.
  • [EXTERNAL_DOWNLOADS]: Includes functionality to retrieve data from external GitHub repositories and public package registries to support its 'Quick Skill' generation feature.
  • [COMMAND_EXECUTION]: Acts as an orchestration layer that invokes specialized sub-skills (e.g., skf-setup, skf-create-skill, skf-export-skill) to perform file system operations, repository analysis, and project environment modifications.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 03:13 AM