form-filler
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill possesses a surface for indirect prompt injection as it ingests untrusted data from external files and writes to the file system. * Ingestion points: Untrusted data enters the context via
load(),fill_from_json(), andbatch_fill()(referenced inSKILL.md). * Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the processed data. * Capability inventory: The skill has file-write capabilities viasave()andbatch_fill(). * Sanitization: Absent; no validation or escaping of input data is documented. - [Missing Implementation] (MEDIUM): The documentation in
SKILL.mdrefers to aform_filler.pyscript and aFormFillerclass, but these files are missing from the skill directory. This prevents verification of potential Category 4 (Remote Code Execution) or Category 10 (Dynamic Execution) risks within the actual Python logic.
Audit Metadata