skills/fwehrling/forge/forge-build/Gen Agent Trust Hub

forge-build

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands to perform development tasks, including 'pnpm run lint', 'pnpm run typecheck', and a vendor-specific tool 'forge-memory' for state logging and synchronization.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and follows instructions from multiple external files that could be modified by third parties.
      • Ingestion points: File reads from 'docs/stories/*.md', '.forge/sprint-status.yaml', 'docs/architecture.md', and '.forge/config.yml'.
      • Boundary markers: The skill does not use specific delimiters or instructions to ignore potential commands embedded in the project documentation it reads.
      • Capability inventory: The agent has high-level capabilities including writing code, creating test files, and executing shell commands.
      • Sanitization: No sanitization or safety filtering is applied to the content of the documents before they are processed as context for the agent's actions.
  • [DATA_EXPOSURE]: The skill reads reference files and agent personas from the user's home directory path '~/.claude/skills/forge/'. While these are specific to the tool's own environment, this represents access to the filesystem outside the immediate project directory.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 06:45 PM