skills/morzecrew/forze/forze-wiring/Gen Agent Trust Hub

forze-wiring

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's lifecycle configuration examples contain a hardcoded PostgreSQL connection string (DSN) with embedded credentials.
      • Evidence: dsn="postgresql://app:app@localhost:5432/app" in SKILL.md.
      • Context: While provided for a localhost setup, hardcoding app:app credentials is a security anti-pattern.
  • [PROMPT_INJECTION]: The skill implements a framework for processing external data through search and document registries, creating a surface for indirect prompt injection.
      • Ingestion points: SearchRequestDTO for search queries and DocumentDTOs for document operations in SKILL.md.
      • Boundary markers: None provided in the wiring instructions to delimit untrusted input from system instructions.
      • Capability inventory: The skill configures database read/write capabilities via PostgresDepsModule and RedisDepsModule in SKILL.md.
      • Sanitization: No explicit sanitization or validation logic is demonstrated for the external data inputs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 11:11 PM