forge-implement
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its handling of untrusted external data.
- Ingestion points: The skill fetches data from external Issue Trackers and processes free-text descriptions to extract requirements in
SKILL.md. - Boundary markers: No explicit delimiters or boundary markers are used to separate external issue content from the agent's instructions.
- Capability inventory: The skill is capable of file modifications, git operations, and executing shell scripts as defined in
SKILL.mdandreferences/phase-execution.md. - Sanitization: There is no evidence of sanitization or filtering applied to the issue content before it influences the planning phase.
- Mitigation: A security best practice is implemented in
roles/forge-scout.md, where research is delegated to a sub-agent that is isolated from the original issue text to prevent instruction leakage into the codebase analysis. - [COMMAND_EXECUTION]: The skill performs dynamic command discovery and execution based on local project files. In
SKILL.md(Step 7), the agent is instructed to find and run quality checks and scripts mentioned inAGENTS.mdor other repository documentation. This enables the execution of arbitrary shell commands defined within the processed project's documentation.
Audit Metadata