insforge-cli

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches a setup script for the flyctl command-line tool from the official Fly.io domain (https://fly.io/install.sh). As Fly.io is a well-known cloud infrastructure provider, this is a standard operational procedure.
  • [REMOTE_CODE_EXECUTION]: Instructions describe installing third-party tooling by piping a remote shell script from Fly.io's official website directly to the shell.
  • [COMMAND_EXECUTION]: The skill makes extensive use of npx to execute the vendor's own @insforge/cli tool and shells out to flyctl to manage containerized services on Fly.io.
  • [DATA_EXFILTRATION]: Manages sensitive project credentials, including access tokens and Stripe API keys, via environment variables and local configuration files (~/.insforge/credentials.json). It includes specific instructions on treating these as server-side secrets and preventing exposure in public environment variables.
  • [PROMPT_INJECTION]: The skill facilitates the processing of user-controlled project configuration and database migration scripts, which constitutes an indirect prompt injection attack surface.
  • Ingestion points: Processes local project files such as insforge.toml, Dockerfile, .env files, and SQL scripts in the migrations/ directory.
  • Boundary markers: None specified for separating instructions from processed file content.
  • Capability inventory: Extensive capabilities including shell command execution (npx, flyctl), database schema and row modification, and remote service deployment.
  • Sanitization: Relies on the underlying CLI tool's internal logic; no explicit sanitization or validation logic is provided in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 03:26 PM
Security Audit — agent-trust-hub — insforge-cli