insforge-backend-advisor

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use npx @insforge/cli, which downloads the latest version of the InsForge CLI from the npm registry at runtime. This is the official and expected deployment mechanism for the vendor's tools.
  • [COMMAND_EXECUTION]: Provides extensive instructions for using the @insforge/cli tool to perform administrative and diagnostic tasks, including running an advisor scan (diagnose advisor), inspecting database policies (db policies), and viewing system metrics (diagnose metrics). It also includes a tool for executing ad-hoc SQL queries (npx @insforge/cli db query), which is necessary for deep-dive performance audits. Commands like secrets list --all are used to manage project metadata; as noted in the instructions, secret values are suppressed by default unless explicitly requested.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process data from database query results and system logs (e.g., npx @insforge/cli logs). While this creates an indirect prompt injection surface if an attacker controls database content or log entries, the risk is inherent to diagnostic tools.
      • Ingestion points: Data enters the agent context via diagnose advisor JSON output, database query results, and log aggregation commands in SKILL.md.
      • Boundary markers: The instructions do not currently specify the use of delimiters or specific 'ignore' instructions for the data being analyzed.
      • Capability inventory: The agent has the ability to execute database queries and perform project management via the CLI (documented in SKILL.md).
      • Sanitization: There are no explicit instructions for sanitizing or escaping the data retrieved from external sources before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 03:25 PM