form-attribution
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill promotes the use of a remote script from an untrusted source (https://cdn.jsdelivr.net/npm/form-attribution@latest/dist/script.min.js). The use of the '@latest' tag is a security risk as it allows for automatic updates that could introduce malicious code into a website via a supply chain attack without any manual review.
- PROMPT_INJECTION (LOW): The skill creates a surface for indirect prompt injection by processing untrusted external data and injecting it into the DOM.
  - Ingestion points: The library reads from URL search parameters (e.g., UTMs, click IDs) and document referrer strings.
  - Boundary markers: No delimiters or safety instructions are mentioned to prevent the agent or website from treating injected parameters as trusted commands.
  - Capability inventory: The script utilizes a MutationObserver to automatically detect and inject hidden input fields into all forms found on the page.
  - Sanitization: The documentation does not provide evidence of sanitization or validation of the URL parameters before they are injected into the HTML forms.
Audit Metadata