forki
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's functionality aligns with its described purpose of helping users resolve complex decisions into binary choices and analyzing them through role-based decomposition.
- [COMMAND_EXECUTION]: The skill invokes local bash scripts (query-assets.sh and record-asset.sh) located within the platform's plugin root directory. These are used to query and record decision history in the local project's .harnish folder.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Operations are restricted to local file I/O within the workspace (.harnish directory) and temporary system storage (/tmp). No network requests or access to sensitive system credentials (e.g., SSH, AWS keys) were identified.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user input to populate decision reports. It demonstrates security best practices by explicitly instructing the agent to escape shell-sensitive characters ($, ", `, \) and utilize quoted heredocs ('FORKI_REPORT_EOF') to prevent command injection when writing data to the filesystem.
Audit Metadata