Problem
An agent that regenerates dependency lockfiles could silently introduce a poisoned or downgraded dependency (the nx/debug class), which then executes on the next build.
Current state
The cli_execute sandbox, binary allowlist, and egress allowlist already contain most execution/exfil impact (forge-cli/tools/cli_execute.go, forge-core/security/resolver.go). There is no specific guard for agents that regenerate lockfiles. This is a low residual after the existing controls. See docs/security/owasp-asi-conformance.md (ASI05).
Proposed control
Optional lockfile-change detection/approval in the build or skill path (diff the lockfile, flag or require approval on change).
Acceptance criteria
Conformance test
TestASI05_LockfileChangeFlagged (low priority).
Out of scope
Full dependency vulnerability scanning (overlaps SBOM/AIBOM issue). Non-lockfile RCE surfaces (already Enforced).
Guideline reference
ASI05 residual, mitigation #4/#7 (OWASP Agentic Top 10 2026).
Problem
An agent that regenerates dependency lockfiles could silently introduce a poisoned or downgraded dependency (the nx/debug class), which then executes on the next build.
Current state
The
cli_executesandbox, binary allowlist, and egress allowlist already contain most execution/exfil impact (forge-cli/tools/cli_execute.go,forge-core/security/resolver.go). There is no specific guard for agents that regenerate lockfiles. This is a low residual after the existing controls. Seedocs/security/owasp-asi-conformance.md(ASI05).Proposed control
Optional lockfile-change detection/approval in the build or skill path (diff the lockfile, flag or require approval on change).
Acceptance criteria
Conformance test
TestASI05_LockfileChangeFlagged(low priority).Out of scope
Full dependency vulnerability scanning (overlaps SBOM/AIBOM issue). Non-lockfile RCE surfaces (already Enforced).
Guideline reference
ASI05 residual, mitigation #4/#7 (OWASP Agentic Top 10 2026).