insforge-backend-advisor
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use npx @insforge/cli, which downloads the latest version of the InsForge CLI from the npm registry at runtime. This is the official and expected deployment mechanism for the vendor's tools.
- [COMMAND_EXECUTION]: Provides extensive instructions for using the @insforge/cli tool to perform administrative and diagnostic tasks, including running an advisor scan (diagnose advisor), inspecting database policies (db policies), and viewing system metrics (diagnose metrics). It also includes a tool for executing ad-hoc SQL queries (npx @insforge/cli db query), which is necessary for deep-dive performance audits. Commands like secrets list --all are used to manage project metadata; as noted in the instructions, secret values are suppressed by default unless explicitly requested.
- [PROMPT_INJECTION]: The skill is designed to ingest and process data from database query results and system logs (e.g., npx @insforge/cli logs). While this creates an indirect prompt injection surface if an attacker controls database content or log entries, the risk is inherent to diagnostic tools.
  - Ingestion points: Data enters the agent context via diagnose advisor JSON output, database query results, and log aggregation commands in SKILL.md.
  - Boundary markers: The instructions do not currently specify the use of delimiters or specific 'ignore' instructions for the data being analyzed.
  - Capability inventory: The agent has the ability to execute database queries and perform project management via the CLI (documented in SKILL.md).
  - Sanitization: There are no explicit instructions for sanitizing or escaping the data retrieved from external sources before processing.
Audit Metadata