skill-forge
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions (found in SKILL-ENHANCED.md and QUICK-REFERENCE.md) mandate the use of npx claude-flow@alpha. This triggers the download and execution of a third-party package from the NPM registry that is not associated with a trusted organization or well-known service.
- [COMMAND_EXECUTION]: The orchestration workflow is heavily dependent on the execution of shell commands. This includes session management via npx, environment setup using pip, and the execution of local Python scripts (validate_skill.py and package_skill.py) that perform recursive file system operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user data (the skill request description) into a 7-phase agent chain without appropriate boundary markers.
  - Ingestion points: Untrusted data enters the agent context in Phase 1 of SKILL-ENHANCED.md.
  - Boundary markers: Absent; the instructions do not specify delimiters to separate user input from system-level agent instructions.
  - Capability inventory: The skill possesses significant capabilities, including the ability to execute shell commands (npx), perform memory operations, and write files to the local system.
  - Sanitization: No validation or sanitization of the user-provided request is performed before it is passed to the specialized agents.
Audit Metadata