forge-auto
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it autonomously ingests and processes untrusted data from the project environment to determine its workflow.
  - Ingestion points: The skill loads context from several project-level files, including .forge/memory/MEMORY.md, .forge/sprint-status.yaml, and .forge/config.yml, and utilizes the forge-memory search command to retrieve past decisions.
  - Boundary markers: There are no defined delimiters or specific instructions for the AI to disregard potential commands or overrides embedded within the files it reads.
  - Capability inventory: The autopilot has the authority to invoke a suite of powerful tools, including /forge-build, /forge-deploy, and /forge-loop, which perform file system modifications and execution of testing suites.
  - Sanitization: The skill does not describe any mechanism for validating or sanitizing the content of the files it processes before they are interpreted as project context or instructions.
Audit Metadata