insforge-debug
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the interpolation of untrusted user data into shell commands.
  - Ingestion points: User-provided issue descriptions are passed directly to the `npx @insforge/cli diagnose --ai` command.
  - Boundary markers: The skill uses double quotes in the command template but lacks explicit instructions for the agent to sanitize or escape user input.
  - Capability inventory: The agent is granted access to sensitive operations including arbitrary database queries (`db query`), secret retrieval (`secrets get`), and access to multiple log streams.
  - Sanitization: No sanitization or validation logic is defined for the external input.
- [COMMAND_EXECUTION]: The skill relies extensively on executing shell commands via the `@insforge/cli` tool to perform its primary function. While these commands are directed at the vendor's own infrastructure, the breadth of access (logs, database, secrets, deployments) requires the agent to handle user-provided parameters with caution to avoid command injection.
Audit Metadata