4d-validate-form
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the jsonschema Python package, which is a standard and well-known library for JSON validation.
- [COMMAND_EXECUTION]: The documentation instructs users to execute a local script, scripts/validate_form.py, which is the intended functionality for form validation.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes external .4DForm files.
  - Ingestion points: Local .4DForm files are read and processed by scripts/validate_form.py.
  - Boundary markers: The instructions do not define markers to separate untrusted data from the agent's instructions.
  - Capability inventory: The skill utilizes script execution and file system access as described in the usage section.
  - Sanitization: No specific sanitization or validation of the input file content beyond JSON schema compliance is mentioned in the documentation.
Audit Metadata