formsmd-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill's HTML boilerplate includes script and link tags referencing unpkg.com to load the Forms.md library. This introduces an external dependency from a non-whitelisted source. \n- [DATA_EXFILTRATION] (LOW): The skill instructs the agent to make POST and GET requests to api.rebyte.ai to manage form submissions. These network operations target a non-whitelisted domain, though they are intrinsic to the tool's backend functionality. \n- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by interpolating user-provided DSL content ({{FORM_CONTENT}}) into a standalone HTML file. \n
- Ingestion points: The {{FORM_CONTENT}} placeholder in the HTML boilerplate within SKILL.md. \n
- Boundary markers: No explicit sanitization or boundary markers are defined to separate user-provided content from the surrounding HTML/JS context. \n
- Capability inventory: The skill allows the agent to generate and potentially write HTML files that execute JavaScript in a browser context. \n
- Sanitization: No sanitization logic is present to filter malicious scripts or HTML tags from the user input.
Audit Metadata