form-filling
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill requires the installation of the 'datalab-python-sdk' and 'python-dotenv' packages. Neither comes from a verified trusted organization, and unverified dependencies are a common vector for supply chain attacks.
- Data Exposure & Exfiltration (LOW): The skill transmits document contents and field data to 'datalab.to' for processing. While this is the intended functionality, users should be aware that sensitive information (like SSNs seen in sample data) is sent to a third-party service.
- Indirect Prompt Injection (LOW): The skill has an attack surface for indirect prompt injection.
  - Ingestion points: Processes external PDF files, image forms, and user-provided JSON data via the 'client.fill' method.
  - Boundary markers: None detected; the skill does not explicitly sanitize or use delimiters to separate instructions from the data within the forms.
  - Capability inventory: Performs network requests (via the SDK) and writes output files to the local filesystem.
  - Sanitization: No evidence of sanitization or validation of the content extracted or processed from the documents.