forge
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill restricts file system operations to the local project storage directory (~/.claude/projects/) and does not perform any external network requests or sensitive data exfiltration.
- [SAFE]: A strictly enforced 'Iron Law' prevents the skill from automatically editing its own or other skills' code, requiring all proposed mutations to be manually reviewed and applied by a human.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface through the ingestion of untrusted session logs and artifacts into analysis subagents. Ingestion points: placeholders in the retrospective-prompt.md and diagnostic-extraction-prompt.md files. Boundary markers: Markdown headers are used as separators. Capability inventory: Reads and writes to the local memory directory and calls crucible tools. Sanitization: None, though risk is mitigated as the subagents only produce advisory text rather than executable commands.
Audit Metadata