insforge-cli
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to install the Fly.io CLI using a piped shell script (`curl -L https://fly.io/install.sh | sh`). Fly.io is a well-known infrastructure service required for the skill's container deployment features. This execution is performed against an official, well-known domain.
- [COMMAND_EXECUTION]: The primary purpose of the skill is to execute management commands via `npx @insforge/cli`. This includes powerful operations such as database schema changes, service lifecycle management (start/stop/delete), and secret manipulation, all of which are intended for administrative use.
- [EXTERNAL_DOWNLOADS]: The skill's project creation workflow automatically installs additional agent skills from the vendor's repository (`insforge/agent-skills`) using the `npx skills add` command.
- [CREDENTIALS_UNSAFE]: The documentation describes the use of environment variables like `INSFORGE_PASSWORD` for non-interactive authentication. However, it also promotes best practices by providing a dedicated secrets management API (`npx @insforge/cli secrets`) to avoid hardcoding sensitive values.
- [PROMPT_INJECTION]: The `diagnose --ai` command accepts natural language descriptions of issues as input. This creates a surface for indirect prompt injection:
  - Ingestion points: User-provided descriptions in the `diagnose --ai "<issue>"` command (SKILL.md).
  - Boundary markers: None identified in the instructional prompt.
  - Capability inventory: The CLI can execute SQL queries, read system logs, manage containerized services, and read decrypted secrets.
  - Sanitization: No specific sanitization or filtering of the input description is described before it is processed by the diagnostic agent.
Audit Metadata