pp-forgejo
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the forgejo-pp-cli and forgejo-pp-mcp tools using npx and go install from the author's GitHub repository (github.com/mvanhorn/printing-press-library).
- [COMMAND_EXECUTION]: The skill relies on the execution of bash commands to drive the forgejo-pp-cli binary for interacting with Forgejo instances.
- [DATA_EXFILTRATION]: The tool includes a --deliver webhook: feature that allows routing command output to a specified HTTP endpoint. While a functional feature for automation, it serves as a mechanism for transporting data to external servers.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests and processes untrusted content from external Forgejo instances.
- Ingestion points: Data enters the agent's context through commands that fetch issues, pull requests, notifications, and repository metadata (SKILL.md).
- Boundary markers: The CLI tool wraps its output in a JSON provenance envelope with a 'results' field to help distinguish data from metadata (SKILL.md).
- Capability inventory: The agent has the ability to execute bash commands, write files to the local system, and initiate network requests via API calls and webhooks (SKILL.md).
- Sanitization: No explicit sanitization or filtering of content retrieved from Forgejo APIs is described within the skill instructions.
Audit Metadata