form-builder
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized operations were detected. The skill contents are purely instructional and follow standard practices for docassemble YAML generation.
- [EXTERNAL_DOWNLOADS]: The skill references the official documentation and GitHub repository for the docassemble platform, which is recognized as a well-known open-source project.
- [PROMPT_INJECTION]: The skill ingests user input to generate document templates, representing a standard indirect prompt injection surface (Category 8). Ingestion points: User-provided form requirements and conditional logic. Boundary markers: None. Capability inventory: Integration with office-mcp server for document creation and filling. Sanitization: Not explicitly addressed in the provided instructions. This surface is inherent to document generation tools and does not constitute a specific malicious finding.
Audit Metadata