form-attribution
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the user to include a remote JavaScript file from a CDN (https://cdn.jsdelivr.net/npm/form-attribution@latest/dist/script.min.js). This is a remote code execution vector from a source not listed in the Trusted Organizations.
- [INDIRECT_PROMPT_INJECTION] (HIGH): This skill creates a high-risk vulnerability surface by processing untrusted external data and possessing write capabilities.
  - Ingestion points: The library ingests data from URL parameters (UTMs, click IDs) and the Referrer header (SKILL.md).
  - Boundary markers: Absent. The skill does not define delimiters or provide instructions to ignore embedded commands within the captured parameters.
  - Capability inventory: The script automatically modifies the DOM to inject hidden fields into all forms on a page (SKILL.md).
  - Sanitization: Absent. There is no mention of sanitizing or validating the captured URL parameters before they are injected into form submissions.
- [DATA_EXPOSURE] (MEDIUM): The automatic injection of tracking data into 'all forms' can lead to sensitive forms (login, payment, etc.) being modified with marketing data, which may then be stored in backend logs or processed by systems not intended to handle such metadata.
Recommendations
- AI detected serious security threats
Audit Metadata