forge-dev
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to read and process content from untrusted local files (e.g., docs/stories/**/*.md). An attacker with write access to the repository could attempt to embed malicious instructions within these stories. However, the skill provides a rigid framework for implementation and verification, which serves as a functional control.
  - Ingestion points: User story files are read from the repository using the Read tool.
  - Boundary markers: No explicit delimiters or XML tags are utilized to encapsulate content from story files.
  - Capability inventory: The agent possesses capabilities to modify files and execute shell commands (e.g., git, npm, pytest).
  - Sanitization: No explicit sanitization of story file content is described.
- [COMMAND_EXECUTION]: The skill facilitates the execution of local development and verification commands such as make test, npm run lint, and pytest. These operations are integral to the skill's purpose as a software implementation assistant and are restricted to the tools specified in the platform configuration.
Audit Metadata