forge-shape
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for project investigation and file management. It searches the codebase using grep and git logs and creates or updates project documentation like CONTEXT.md and Architecture Decision Records (ADRs).
- [PROMPT_INJECTION]: User input in the form of arguments is used to define the problem statement. The risk of direct injection is mitigated by the skill's one-question-at-a-time workflow, which ensures the user is involved in every step of the decision-making process.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading data from the codebase and issue tracker. 1. Ingestion points: local codebase files (via Read/Grep) and project Issue tracker. 2. Boundary markers: no delimiters are explicitly used to separate file content from instructions. 3. Capability inventory: the agent has access to the Bash tool and AskUserQuestion. 4. Sanitization: there is no evidence of sanitization or filtering of the content read from files.
Audit Metadata