insforge-debug
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of the
@insforge/clivianpxto perform all diagnostic and information-gathering tasks. - [DATA_EXFILTRATION]: The skill provides the agent with the ability to access highly sensitive information, including project secrets (
secrets get), application source code (functions code), and the ability to run arbitrary SQL queries against the database (db query). This level of access is expected for the skill's stated purpose of debugging a backend infrastructure platform. - [EXTERNAL_DOWNLOADS]: The skill downloads and executes the
@insforge/clitool from the npm registry usingnpx. As this is a well-known service and the package is provided by the skill's author, this is considered standard operational behavior. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks (Category 8) because it processes data from potentially untrusted sources such as application logs and function source code.
- Ingestion points: Backend logs (
postgREST.logs,postgres.logs,insforge.logs), edge function source code, and Vercel deployment metadata. - Boundary markers: None identified; the instructions do not include specific delimiters or warnings to ignore instructions embedded within the logs or code.
- Capability inventory: The skill provides high-privilege tools including secret retrieval, database querying, and code inspection.
- Sanitization: No explicit sanitization or filtering of the ingested external content is described.
Audit Metadata