insforge-debug

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various diagnostic and administrative commands using npx @insforge/cli. These include system health checks (diagnose), log retrieval (logs), database management (db query, db policies), and secret retrieval (secrets get).
  • [EXTERNAL_DOWNLOADS]: Uses npx to download and execute the @insforge/cli package from the npm registry. This package belongs to the 'insforge' organization, which matches the skill's author and intended vendor context.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the combination of high-privilege capabilities and the ingestion of untrusted data.
    • Ingestion points: The skill reads content from multiple log sources (insforge.logs, postgREST.logs, postgres.logs, function.logs) and processes user-provided natural language descriptions in the diagnose --ai command.
    • Boundary markers: No explicit delimiters or instructions are used to separate ingested data from agent instructions.
    • Capability inventory: The agent has access to sensitive tools including npx @insforge/cli db query (arbitrary SQL execution), npx @insforge/cli secrets get (access to project secrets), and npx @insforge/cli functions code (source code retrieval).
    • Sanitization: No mechanisms are mentioned for sanitizing or escaping the data retrieved from logs before the agent processes it.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 10:40 PM