insforge-integrations
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The reference materials promote industry-standard security patterns, such as implementing Row Level Security (RLS) policies to protect user data and utilizing separate database schemas to isolate authentication tables from the public API.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install well-known third-party libraries (e.g., viem, jsonwebtoken, and SDKs from Auth0, Clerk, and WorkOS) along with vendor-specific packages (@insforge/sdk) from the official NPM registry.
- [COMMAND_EXECUTION]: The documentation references the use of the vendor's command-line interface (@insforge/cli) via npx for secure project configuration and database migration tasks.
- [PROMPT_INJECTION]: The payment facilitator guide (references/okx-x402.md) contains an example of an endpoint that generates content via an LLM. While this represents a potential indirect prompt injection surface due to data interpolation, it is used here for a legitimate educational purpose within a developer-focused integration guide.
- Ingestion points: Data from payment verification headers parsed in references/okx-x402.md.
- Boundary markers: None used in the prompt construction within the code sample.
- Capability inventory: Use of insforge.ai.chat.completions.create for content generation.
- Sanitization: Not explicitly implemented in the provided illustrative code.
Audit Metadata