forge-setup-project
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands for routine project configuration tasks related to documentation compatibility.
  - Evidence: In Step 7, it executes `rm -f CLAUDE.md` and `ln -sf AGENTS.md CLAUDE.md`. These commands are used to maintain a consistent documentation interface and are appropriate for the tool's stated purpose.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests and processes existing documentation and codebase information to generate new context files.
  - Ingestion points: The skill scans and reads files including `AGENTS.md`, `CLAUDE.md`, `README.md`, and content within the `docs/` directory (Step 1 and Step 3).
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to isolate content read from project files during the audit and migration process.
  - Capability inventory: The skill has access to the `Write` and `Edit` tools for file modification and `Bash` for command execution, creating a potential path for injected instructions to influence project state.
  - Sanitization: There is no explicit requirement or mechanism described for sanitizing or validating the ingested documentation content before it is rewritten or summarized.
Audit Metadata