Email martin.zeman@pm.me with [forge-core security] in the subject. Include affected file, reproduction steps, and impact. Expect acknowledgement within 72 hours.
forge-core documents the adoption mechanism — how external content enters the forge ecosystem. For security concerns about third-party prompts adopted into consumer modules (e.g. forge-dev), see that module's own SECURITY.md.
Every external adoption must:
- Fetch upstream content via a commit-pinned raw URL (never a mutable branch reference)
- Record the upstream
sha256digest in a SLSA provenance sidecar under.provenance/ - Record the deployed file's
sha256digest in the same sidecar (subject.digest.sha256) - List
AdoptArtifactitself as a build dependency inresolvedDependencies - Preserve copyright / attribution as required by the upstream license
The skills/AdoptArtifact/SKILL.md file is the canonical workflow.
provenance:
_type: https://in-toto.io/Statement/v1
subject:
- name: <path>
digest:
sha256: <deployed-content-sha>
predicateType: https://slsa.dev/provenance/v1
predicate:
buildDefinition:
buildType: https://forge-cli/adopt/v1
externalParameters:
upstream_url: <commit-pinned-url>
resolvedDependencies:
- name: upstream
uri: <commit-pinned-url>
digest:
sha256: <upstream-sha>
- name: AdoptArtifact
uri: forge-core/skills/AdoptArtifact/SKILL.md
digest:
sha256: <adoptartifact-sha>forge validate . # schema + content checks
forge provenance . # deployed-vs-sidecar digest matchforge provenance reports per-module verification. Any file whose on-disk digest does not match its sidecar's subject.digest.sha256 is flagged. A mismatch means either a benign post-adoption edit without sidecar refresh, or content drift that warrants investigation.
- New adoptions go through
AdoptArtifact— SHA-pinned URLs, provenance sidecars, attribution footers - Pin bumps re-verify the SLSA chain and re-read behavioural content before merging
- Release tags pin
validate.shand schema artifacts so downstream modules' pre-commit hooks have stable hashes to anchor
In scope:
- Weaknesses in the
AdoptArtifactworkflow that would allow unverified content to enter the ecosystem - Missing or falsifiable provenance fields in sidecars
- Schema or attribution requirements that fail to protect license compliance
Out of scope:
- Behavioural issues in specific adopted skills — report to the consuming module's
SECURITY.md - Issues in the
forge-clibinary itself — see forge-cli