forge-qa
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes content from external story files to define its validation workflow.
- Ingestion points: Markdown files located in
docs/stories/are read in Phase 1 to extract acceptance criteria and development notes. - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when processing the content of these story files.
- Capability inventory: The agent has permissions to execute shell commands (test runners), write new documentation, and edit existing files across the repository.
- Sanitization: The skill does not implement sanitization or validation of the extracted criteria before using them to guide its logic.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute standard test runners, includingmake,pytest,npm, andbun. These operations are limited to test-related commands as defined in the skill's tool constraints, aligning with the skill's primary purpose of code validation.
Audit Metadata