skill-forge

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill architecture is designed to ingest and process untrusted data from both user inputs and external research sources, creating a surface for indirect prompt injection.
    • Ingestion points: The workflow relies on user-provided domain requirements and workflow descriptions (defined in Phase 1 of SKILL.md and README.md).
    • Boundary markers: The current documentation and framework commands (/sc:) do not specify the use of delimiters or 'ignore embedded instructions' warnings for external data.
    • Capability inventory: The system utilizes Playwright for automated browser testing and Tavily for web research, both of which provide access to external, attacker-controllable content.
    • Sanitization: There is no evidence of sanitization, escaping, or validation of inputs before they are used to generate or test new skills.
  • [EXTERNAL_DOWNLOADS]: The skill integrates with several well-known and trusted external services to facilitate its functionality.
    • Uses Tavily for automated domain research and market analysis.
    • Integrates with Playwright for automated testing and validation of skill workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:24 AM