skill-forge
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides a framework for creating and reviewing AI agent skills, which involves ingesting untrusted data from user-provided workflows and existing SKILL.md files.
- Ingestion points: User-supplied text descriptions, conversation history mining, and existing markdown files processed in 'Improve Mode', 'Review Mode', and 'Extract Mode'.
- Boundary markers: The instructions do not define specific delimiters or 'ignore' instructions for the agent when processing external content, increasing the risk of the agent obeying instructions embedded within the data.
- Capability inventory: The skill includes local Python scripts (validate_skill.py and package_skill.py) that perform file system operations (read, write, zip) within the provided path. The instructions also suggest the use of MCP tools and code execution for validation.
- Sanitization: There is no evidence of sanitization or content filtering for the data being ingested and processed by the Skill Forge assistant.
Audit Metadata