forge-resume
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing content from multiple project-level files.
  - Ingestion points: The workflow reads `.forge/config.yml`, `CLAUDE.md`, `.forge/sprint-status.yaml`, and various documents in the `docs/` directory including PRDs and stories.
  - Boundary markers: No delimiters or specific instructions to ignore embedded commands within these files are present.
  - Capability inventory: The skill has the capability to execute local commands (`forge-memory`) and recommends subsequent tool-assisted actions based on the ingested content.
  - Sanitization: No sanitization or validation of the file contents is performed before processing.
- [COMMAND_EXECUTION]: The skill executes a local CLI command to retrieve project history.
  - Evidence: Step 2 of the workflow executes `forge-memory search "<project name> recent activity" --limit 3`. While this is a vendor-specific tool for the FORGE ecosystem, the project name variable could potentially be used for command injection if the project configuration is maliciously crafted.
Audit Metadata