insforge-debug
Warn
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of multiple shell commands via the `@insforge/cli` tool to perform diagnostics and system inspections.
- [CREDENTIALS_UNSAFE]: Explicitly provides instructions and commands to retrieve sensitive project secrets, including `npx @insforge/cli secrets get <key>` and `npx @insforge/cli secrets list --all`.
- [DATA_EXFILTRATION]: Facilitates access to sensitive internal data including source code (`npx @insforge/cli functions code <slug>`), arbitrary database records through SQL queries (`npx @insforge/cli db query "<sql>"`), and comprehensive backend logs.
- [EXTERNAL_DOWNLOADS]: Fetches and executes the `@insforge/cli` package from the NPM registry using `npx`. This package is associated with the skill's authoring organization.
- [PROMPT_INJECTION]: Contains an indirect prompt injection surface through the ingestion of untrusted data:
  - Ingestion points: User-provided problem descriptions in the `npx @insforge/cli diagnose --ai "<issue description>"` command (SKILL.md), as well as system logs and source code retrieved during diagnostic steps.
  - Boundary markers: None identified to separate instructions from processed data.
  - Capability inventory: The skill has extensive capabilities including shell command execution, secret retrieval, and database access.
  - Sanitization: No sanitization or validation steps are described for the data processed by the agent.
Audit Metadata