forge-setup-project
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Bash for codebase exploration using commands like
lsandfindand uses Git for staging and committing documentation changes. These operations are conducted locally and are aligned with the skill's stated purpose of context infrastructure setup.\n- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by reading content from potentially untrusted files within the project (such aspackage.json,CLAUDE.md, or other existing documentation) and incorporating that content into new documentation files.\n - Ingestion points: Content is ingested using the
Readtool from files likepackage.json,Makefile,Taskfile.yml, and existing markdown documents in thedocs/directory.\n - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate instructions that might be embedded within the ingested project files.\n
- Capability inventory: The skill has access to several powerful tools including
Bash,Write,Edit, andgit, which could be exploited if the agent follows malicious instructions hidden in the data it reads.\n - Sanitization: No sanitization, escaping, or validation logic is applied to the content retrieved from the codebase before it is processed or written to new files.
Audit Metadata