insforge-cli

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the insforge CLI tool to perform various infrastructure tasks, including database operations, function deployments, and project configuration.
  • [EXTERNAL_DOWNLOADS]: The insforge create command automatically triggers the installation of additional agent skills from the vendor's repository (insforge/agent-skills) using the npx package runner. Additionally, deployments and edge functions involve installing dependencies via npm.
  • [DATA_EXFILTRATION]: The CLI provides capabilities to export entire database schemas and row data to local files and allows the retrieval of plaintext secret values via the insforge secrets get command, which could be exploited to exfiltrate sensitive project information.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified (Category 8):
      ◦ Ingestion points: SQL query strings provided in prompts and source code files for edge functions (insforge/functions/{slug}/index.ts) are processed and executed.
      ◦ Boundary markers: None identified; the skill does not provide instructions to ignore malicious code or SQL commands embedded in the data it processes.
      ◦ Capability inventory: High-privilege access to database tables (including system tables with --unrestricted), storage buckets, and serverless deployment pipelines.
      ◦ Sanitization: SQL queries and function code are executed directly without visible validation, escaping, or security filtering.
  • [CREDENTIALS_UNSAFE]: The skill manages and accesses sensitive authentication tokens and project API keys stored in local files such as ~/.insforge/credentials.json and .insforge/project.json. Treat both files as secrets: keep them readable only by the owning user and exclude them from version control.
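The Ingestion points and Sanitization findings above describe SQL from a prompt reaching the database with no filtering in between. The following is an added example of the pre-flight gate an operator could put in front of such a CLI call; it is not code from the insforge CLI, from the audited skill, or from the audit itself. It assumes a PostgreSQL-style dialect (the system schema names are PostgreSQL's), splits the text into statements while honouring string literals, quoted identifiers and comments, and rejects multi-statement batches, writes that were not opted into, and references to system schemas unless the caller explicitly allows them (mirroring the --unrestricted opt-in the audit mentions). The keyword lists are choices made here, not anything the page specifies.

```python
"""Pre-flight gate for SQL an agent wants to hand to a database CLI.

Added example, not part of the insforge CLI or the audited skill. Assumes a
PostgreSQL-style dialect; keyword lists and schema names are assumptions.
"""
import re
from dataclasses import dataclass, field

READ_ONLY_HEADS = {"SELECT", "WITH", "EXPLAIN", "SHOW", "VALUES"}
WRITE_HEADS = {"INSERT", "UPDATE", "DELETE", "MERGE", "CREATE", "ALTER", "DROP",
               "TRUNCATE", "GRANT", "REVOKE", "COPY", "DO", "CALL"}
SYSTEM_SCHEMAS = ("pg_catalog", "information_schema")  # PostgreSQL system schemas


@dataclass
class Verdict:
    allowed: bool
    statements: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def split_statements(sql: str) -> list[str]:
    """Split on ';' only outside string literals, quoted identifiers and
    comments, and drop the comments, so a second statement smuggled after a
    comment or a ';' inside a literal is classified correctly."""
    out, buf, i, n = [], [], 0, len(sql)
    while i < n:
        c = sql[i]
        if c in ("'", '"'):
            j = sql.find(c, i + 1)
            # A doubled quote ('' or "") is an escaped quote, not a terminator.
            while j != -1 and j + 1 < n and sql[j + 1] == c:
                j = sql.find(c, j + 2)
            j = n if j == -1 else j  # unterminated literal runs to the end
            buf.append(sql[i:j + 1])
            i = j + 1
        elif sql.startswith("--", i):  # line comment: skip to end of line
            j = sql.find("\n", i)
            i = n if j == -1 else j
        elif sql.startswith("/*", i):  # block comment: skip to closing */
            j = sql.find("*/", i + 2)
            i = n if j == -1 else j + 2
        elif c == ";":
            out.append("".join(buf).strip())
            buf = []
            i += 1
        else:
            buf.append(c)
            i += 1
    out.append("".join(buf).strip())
    return [s for s in out if s]


def head_keyword(stmt: str) -> str:
    """First bare word of a statement, upper-cased (e.g. 'SELECT')."""
    m = re.match(r"\s*([A-Za-z_]+)", stmt)
    return m.group(1).upper() if m else ""


def gate(sql: str, *, allow_writes: bool = False, allow_system: bool = False) -> Verdict:
    """Decide whether `sql` may be forwarded. Every reason recorded is a
    rejection; an empty reason list means the query passed."""
    stmts = split_statements(sql)
    v = Verdict(allowed=True, statements=stmts)
    if not stmts:
        v.reasons.append("empty query")
    if len(stmts) > 1:
        v.reasons.append(f"{len(stmts)} statements in one request; submit them separately")
    for s in stmts:
        head = head_keyword(s)
        if head in WRITE_HEADS and not allow_writes:
            v.reasons.append(f"{head} is a write/DDL statement but writes were not enabled")
        elif head not in READ_ONLY_HEADS and head not in WRITE_HEADS:
            v.reasons.append(f"unrecognised statement head {head!r}")
        for schema in SYSTEM_SCHEMAS:
            if not allow_system and re.search(rf"\b{schema}\s*\.", s, re.IGNORECASE):
                v.reasons.append(f"references system schema {schema} without opt-in")
    v.allowed = not v.reasons
    return v


if __name__ == "__main__":
    # Constructed sample of what an injected prompt might carry.
    print(gate("SELECT id FROM users; DROP TABLE users -- cleanup").reasons)
```

This is a heuristic classifier, not a SQL parser: it stops the common batch and comment tricks and enforces the opt-ins the audit flags, but a read-only statement can still call a privileged function, so it belongs in front of, not instead of, a database role with minimal grants.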
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 03:44 AM