Skills
skills/fwehrling/forge/forge-quick-spec/Gen Agent Trust Hub

forge-quick-spec

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several forge-memory CLI commands including search, log, consolidate, and sync. These are local operations designed to manage project state and history within the FORGE development environment.
  • [DATA_EXFILTRATION]: The skill reads project-specific context from .forge/memory/MEMORY.md. This is a local file access within the project scope. No network requests to non-whitelisted domains or access to sensitive system credentials (e.g., SSH keys, AWS configs) were detected.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external project data.
  • Ingestion points: Data is ingested from .forge/memory/MEMORY.md and the user-provided change description.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are used when reading project memory.
  • Capability inventory: Capabilities are limited to executing the specific forge-memory tool suite.
  • Sanitization: There is no explicit sanitization of the memory file content or the user's description before they are used in the workflow or interpolated into CLI logging commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 07:12 PM