insforge-integrations

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The reference materials promote industry-standard security patterns, such as implementing Row Level Security (RLS) policies to protect user data and utilizing separate database schemas to isolate authentication tables from the public API.
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install well-known third-party libraries (e.g., viem, jsonwebtoken, and SDKs from Auth0, Clerk, and WorkOS) along with vendor-specific packages (@insforge/sdk) from the official NPM registry.
  • [COMMAND_EXECUTION]: The documentation references the use of the vendor's command-line interface (@insforge/cli) via npx for secure project configuration and database migration tasks.
  • [PROMPT_INJECTION]: The payment facilitator guide (references/okx-x402.md) contains an example of an endpoint that generates content via an LLM. While this represents a potential indirect prompt injection surface due to data interpolation, it is used here for a legitimate educational purpose within a developer-focused integration guide.
  • Ingestion points: Data from payment verification headers parsed in references/okx-x402.md.
  • Boundary markers: None used in the prompt construction within the code sample.
  • Capability inventory: Use of insforge.ai.chat.completions.create for content generation.
  • Sanitization: Not explicitly implemented in the provided illustrative code.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 09:41 AM
Security Audit — agent-trust-hub — insforge-integrations