Skills
skills/fwehrling/forge/forge-verify/Gen Agent Trust Hub

forge-verify

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the forge-memory CLI tool for logging results (log), managing data state (consolidate), and synchronization (sync).
  • [COMMAND_EXECUTION]: The workflow involves running the project's full test suite, which entails executing code found within the environment's test directories.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it ingests untrusted data from story files, source code, and external architecture decisions.
  • Ingestion points: Processes content from .forge/sprint-status.yaml, story files, tests/, and src/ directories.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the processed data are provided.
  • Capability inventory: Access to forge-memory CLI, file-writing capabilities (writing missing tests), and execution of the test suite.
  • Sanitization: No evidence of sanitization or validation of the ingested content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 07:22 PM