insforge-debug
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various diagnostic and administrative commands using npx @insforge/cli. These include system health checks (diagnose), log retrieval (logs), database management (db query, db policies), and secret retrieval (secrets get).
- [EXTERNAL_DOWNLOADS]: Uses npx to download and execute the @insforge/cli package from the npm registry. This package belongs to the 'insforge' organization, which matches the skill's author and intended vendor context.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the combination of high-privilege capabilities and the ingestion of untrusted data.
  - Ingestion points: The skill reads content from multiple log sources (insforge.logs, postgREST.logs, postgres.logs, function.logs) and processes user-provided natural language descriptions in the diagnose --ai command.
  - Boundary markers: No explicit delimiters or instructions are used to separate ingested data from agent instructions.
  - Capability inventory: The agent has access to sensitive tools including npx @insforge/cli db query (arbitrary SQL execution), npx @insforge/cli secrets get (access to project secrets), and npx @insforge/cli functions code (source code retrieval).
  - Sanitization: There are no mentioned mechanisms for sanitizing or escaping the data retrieved from logs before it is processed by the agent.
Audit Metadata