pp-forgejo

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the forgejo-pp-cli and forgejo-pp-mcp tools using npx and go install from the author's GitHub repository (github.com/mvanhorn/printing-press-library).
  • [COMMAND_EXECUTION]: The skill relies on the execution of bash commands to drive the forgejo-pp-cli binary for interacting with Forgejo instances.
  • [DATA_EXFILTRATION]: The tool includes a --deliver webhook: feature that allows routing command output to a specified HTTP endpoint. While a functional feature for automation, it serves as a mechanism for transporting data to external servers.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests and processes untrusted content from external Forgejo instances.
  • Ingestion points: Data enters the agent's context through commands that fetch issues, pull requests, notifications, and repository metadata (SKILL.md).
  • Boundary markers: The CLI tool wraps its output in a JSON provenance envelope with a 'results' field to help distinguish data from metadata (SKILL.md).
  • Capability inventory: The agent has the ability to execute bash commands, write files to the local system, and initiate network requests via API calls and webhooks (SKILL.md).
  • Sanitization: No explicit sanitization or filtering of content retrieved from Forgejo APIs is described within the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 05:27 PM
Security Audit — agent-trust-hub — pp-forgejo