insforge-cli
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides an extensive interface for the `insforge` CLI tool, enabling the agent to execute administrative commands including database queries, storage management, and deployment of serverless functions.
- [EXTERNAL_DOWNLOADS]: During project initialization via `insforge create`, the skill downloads additional functional components using the command `npx skills add insforge/agent-skills`. This component is a vendor-owned resource.
- [CREDENTIALS_UNSAFE]: Documentation identifies local filesystem paths where sensitive credentials are stored, specifically `~/.insforge/credentials.json` for session tokens and `.insforge/project.json` for project-specific admin API keys.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing and executing user-provided SQL and source code.
  - Ingestion points: User-supplied SQL in `insforge db query` and source code in `insforge functions deploy`.
  - Boundary markers: None present in the instruction set to delimit user data from system commands.
  - Capability inventory: High-privilege access including full database manipulation, secret retrieval, and serverless code execution.
  - Sanitization: There are no explicit instructions requiring the agent to sanitize or validate user-provided inputs before execution.
Audit Metadata