cli-forge-publish-npm
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands for npm publication and CLI execution, including npm publish, dry-run packaging commands, and local development triggers like cargo run.
- [REMOTE_CODE_EXECUTION]: Workflow step 9 directs the agent to "follow the target repository's documented npm release path." This instructs the agent to interpret and execute procedures defined in external, potentially untrusted project documentation, which represents a risk of arbitrary code execution.
- [DATA_EXFILTRATION]: The skill manages npm publication, which typically requires access to registry authentication tokens (e.g., in .npmrc). If an agent follows malicious instructions found within a target repository's release path, it could lead to the exposure or exfiltration of these credentials.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the data it processes:
  - Ingestion points: Target repository documentation, package manifests, and release-evidence.json (SKILL.md, Workflow Steps 4, 8, 9).
  - Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands within the processed files.
  - Capability inventory: Full shell access for npm and cargo operations.
  - Sanitization: Absent; the skill does not specify validation or filtering of the commands extracted from repository documentation before execution.
Audit Metadata