forge-stories
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
forge-memoryCLI for project state management, including operations like search, log, and sync. This tool is a vendor-provided resource associated with the Forge SM agent environment. - [PROMPT_INJECTION]: The skill processes untrusted content from local documentation files, creating an attack surface for indirect prompt injection.
- Ingestion points: The skill reads
docs/prd.md,docs/architecture.md, and.forge/memory/sessions/into the agent's context. - Boundary markers: No specific delimiters or instructions are used to differentiate ingested documentation from the agent's primary system instructions.
- Capability inventory: The agent can write generated stories to the
docs/stories/directory and interact with theforge-memorymemory management tool. - Sanitization: There is no evidence of sanitization or validation of the input documentation contents before they are processed by the agent.
Audit Metadata