forge-cost-optimizer
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads application configuration and source code files (manifest.yml, package.json, src/**) to provide optimization advice. This file access is limited to the local project context and is essential for the skill's functionality.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted code and configuration files during its audit phase. However, it implements a secure workflow by requiring a manual audit report before making any changes and explicitly instructing the agent only to modify files when specifically requested by the user. These guardrails effectively mitigate the risk of malicious code influencing the agent's behavior.
- [SAFE]: No obfuscation, prompt injection, or unauthorized network operations were detected. All external links point to official Atlassian documentation, which is a trusted source.
Audit Metadata