forge-security-review
Fail
Audited by Snyk on Jun 12, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill mandates reading manifests/source files and producing "file-level evidence" and "reproducible PoC/test steps with concrete commands", which would require including hardcoded API keys, tokens, or other secrets verbatim from code if they exist, creating an exfiltration risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). Most URLs are benign docs/CDNs, however the presence of a direct downloadable executable ZIP on a GitHub release (fsrt...zip), several attacker-controlled/templated redirect domains (e.g. ${userId}.tracking.attacker.com, external-site callbacks), and internal/metadata endpoints (http://localhost:*/, http://169.254.169.254/) creates a supply‑chain/SSRF/exfiltration risk — direct executable downloads and attacker-controlled redirects should be treated as potentially dangerous until verified.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Runtime path:
scripts/run_static_analysis.sh/scripts/run_static_analysis.ps1downloads an outsider-authored binary (fsrt/fsrt.exe) from GitHub Releases (ARTIFACT_URL) and executes it, so its output can be ingested into the agent’s LLM context as scan results/artifacts.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The provided run_static_analysis scripts download and extract/execute a remote FSRT binary from GitHub Releases (e.g. https://github.com/atlassian-labs/FSRT/releases/download/forge-security-review-test/fsrt-tkallady-release-workflow-.zip), which is fetched at runtime and then executed locally, satisfying runtime fetch + remote code execution.
Issues (4)
W007
HIGHInsecure credential handling detected in skill instructions.
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata