pp-forgejo
Warn
Audited by Socket on Jun 28, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill largely matches its stated Forgejo-management purpose, but it requires trusting external CLI/MCP binaries, forwards Forgejo credentials to that code, enables broad authenticated admin actions, and supports arbitrary webhook delivery of command output. The main concern is disproportionate operational power and expanded trust, not confirmed malware.
Confidence: 87%Severity: 62%
Audit Metadata