forge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (LOW): The skill invokes the 'ao' CLI via shell commands to process transcripts and index extracted data. These operations are core to the skill's functionality and use local paths within the '.agents/' directory.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from session transcripts which may contain adversarial instructions.
  - Ingestion points: Transcript files and session history processed via 'ao forge transcript'.
  - Boundary markers: The skill uses specific signal keywords (e.g., 'decided to', 'learned that') to delimit data, but lacks robust sanitization for the extracted content.
  - Capability inventory: Capability to write to the '.agents/forge/' directory and index data for later retrieval.
  - Sanitization: The skill relies on a 'Quality Pool' and Tiered system (Human review or 2+ citations) to mitigate the promotion of malicious or incorrect data to Tier 1 status.