forge-team
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it builds sub-agent instructions using content from external files (docs/stories/*.md) and user input (topic, objective) without sanitization.
  - Ingestion points: User arguments and story documentation.
  - Boundary markers: None present in spawn templates.
  - Capability inventory: File writing, CLI tool execution, and agent spawning.
  - Sanitization: None present.
- [COMMAND_EXECUTION]: Orchestrates the execution of local development tools including lint, typecheck, forge-memory, and test suites. This is a core feature of the skill.
- [DATA_EXFILTRATION]: Instructs the agent to read ~/.claude/settings.json to verify the Agent Teams environment variable. While this path is sensitive, the access is limited to a configuration check necessary for the skill's functionality.
Audit Metadata