form-fill
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the author's own infrastructure (deepread.tech) for API endpoints and data storage, which is consistent with the stated purpose of the skill.
- [DATA_EXFILTRATION]: The skill transmits PDF documents and JSON data to the vendor's API. This is the primary function of the tool and does not constitute unauthorized exfiltration as the destination is the official vendor service.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect injection surface as it processes external PDF files and JSON data through a third-party API.
- Ingestion points: Untrusted PDF files and JSON metadata are uploaded via the
POST /v1/form-fillendpoint. - Boundary markers: No specific delimiters or instructions to ignore embedded content are provided in the skill instructions.
- Capability inventory: The skill has access to
Bash,Read, andWritetools, which could potentially be targeted if malicious instructions were returned in an API response (e.g., within error messages or report summaries). - Sanitization: No sanitization of API output is performed before it is presented to the agent.
Audit Metadata