insforge-cli
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches a setup script for the `flyctl` command-line tool from the official Fly.io domain (https://fly.io/install.sh). As Fly.io is a well-known cloud infrastructure provider, this is a standard operational procedure.
- [REMOTE_CODE_EXECUTION]: Instructions describe installing third-party tooling by piping a remote shell script from Fly.io's official website directly to the shell.
- [COMMAND_EXECUTION]: The skill makes extensive use of `npx` to execute the vendor's own `@insforge/cli` tool and shells out to `flyctl` to manage containerized services on Fly.io.
- [DATA_EXFILTRATION]: Manages sensitive project credentials, including access tokens and Stripe API keys, via environment variables and local configuration files (~/.insforge/credentials.json). It includes specific instructions on treating these as server-side secrets and preventing exposure in public environment variables.
- [PROMPT_INJECTION]: The skill facilitates the processing of user-controlled project configuration and database migration scripts, which constitutes an indirect prompt injection attack surface.
  - Ingestion points: Processes local project files such as `insforge.toml`, `Dockerfile`, `.env` files, and SQL scripts in the `migrations/` directory.
  - Boundary markers: None specified for separating instructions from processed file content.
  - Capability inventory: Extensive capabilities including shell command execution (`npx`, `flyctl`), database schema and row modification, and remote service deployment.
  - Sanitization: Relies on the underlying CLI tool's internal logic; no explicit sanitization or validation logic is provided in the instructions.
Audit Metadata