forge-security-review

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's static analysis scripts (scripts/run_static_analysis.sh and scripts/run_static_analysis.ps1) download the Forge Static Review Tool (FSRT) binary from the atlassian-labs organization on GitHub. This is an expected operation for the skill's scanning functionality and targets a well-known vendor repository.
  • [COMMAND_EXECUTION]: The skill executes local shell scripts to automate security scanning. This involves downloading, setting execution permissions, and running external binaries on the host system to analyze Forge project directories.
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted third-party source code and manifest.yml files. This creates a surface for Indirect Prompt Injection, where malicious instructions embedded in the analyzed code could attempt to influence the agent's audit report or behavior.
  • Ingestion points: The skill reads the entire Forge project directory provided in the <forge-project-root-directory> argument.
  • Boundary markers: While the skill uses structured rules, it does not implement explicit delimiters or 'ignore' instructions when interpolating untrusted code into the analysis context.
  • Capability inventory: The skill can execute shell commands (scripts/run_static_analysis.sh), read files, and write findings to a dedicated security-audit-artifacts/ directory.
  • Sanitization: There is no explicit sanitization of the analyzed code before it is processed by the agent's logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 09:16 PM
Security Audit — agent-trust-hub — forge-security-review