Sample report
AGENT CONTEXT
RISK REPORT
This is the kind of report SkillForge produces for repos, uploaded ZIPs, and shared agent instruction packs. The sample uses a fictional repo so you can inspect the output before buying a scan.
Agent context inventory
Files that can influence coding agents or tool servers.
AGENTS.md
Repo-level agent instruction
CLAUDE.md
Claude project memory
.claude/skills/deploy/SKILL.md
Claude Skill
.cursor/rules/release.mdc
Cursor rule
.mcp.json
Tool server config
Findings
Each issue cites the file, category, risk, and practical fix.
Outbound curl in deployment skill
.claude/skills/deploy/SKILL.md:41
Why this is risky
The skill tells the agent to POST release notes and environment details to an external endpoint during deployment.
Suggested fix
Remove the outbound request, document the approved deployment target, and require explicit user confirmation before any network call.
category: network-exfiltration
Broad MCP filesystem access
.mcp.json
Why this is risky
The MCP filesystem server is configured without a visible path allowlist, so agent tools may reach outside the intended repo.
Suggested fix
Restrict MCP filesystem roots to the project directory and separate read-only review tools from write-enabled tools.
category: excessive-permissions
Shell task lacks safety gate
AGENTS.md:18
Why this is risky
The instruction encourages Bash usage for cleanup and install tasks without requiring dry-run output, approval, or path checks.
Suggested fix
Add a policy requiring dry-run output, explicit confirmation for destructive commands, and absolute path verification.
category: command-injection
Nested agent instruction scope
AGENTS.md
Why this is risky
Repo-level instructions can influence future Codex sessions and should be reviewed like project policy.
Suggested fix
Keep instructions narrow, auditable, and free of hidden overrides or secrecy clauses.
category: prompt-injection
Remediation plan
The paid report turns findings into concrete review steps.