forge-security-review
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's static analysis scripts (
scripts/run_static_analysis.shandscripts/run_static_analysis.ps1) download the Forge Static Review Tool (FSRT) binary from theatlassian-labsorganization on GitHub. This is an expected operation for the skill's scanning functionality and targets a well-known vendor repository. - [COMMAND_EXECUTION]: The skill executes local shell scripts to automate security scanning. This involves downloading, setting execution permissions, and running external binaries on the host system to analyze Forge project directories.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted third-party source code and
manifest.ymlfiles. This creates a surface for Indirect Prompt Injection, where malicious instructions embedded in the analyzed code could attempt to influence the agent's audit report or behavior. - Ingestion points: The skill reads the entire Forge project directory provided in the
<forge-project-root-directory>argument. - Boundary markers: While the skill uses structured rules, it does not implement explicit delimiters or 'ignore' instructions when interpolating untrusted code into the analysis context.
- Capability inventory: The skill can execute shell commands (
scripts/run_static_analysis.sh), read files, and write findings to a dedicatedsecurity-audit-artifacts/directory. - Sanitization: There is no explicit sanitization of the analyzed code before it is processed by the agent's logic.
Audit Metadata