astro-forms
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill performs network operations using
fetchto several non-whitelisted domains includingapi.resend.com,api.brevo.com,script.google.com, andchallenges.cloudflare.com. While these are legitimate service endpoints for the skill's stated purpose, they fall outside the predefined whitelist for automated network operations.\n- [PROMPT_INJECTION] (LOW): Detected an Indirect Prompt Injection surface where external data is processed and potentially influences downstream systems.\n - Ingestion points: Untrusted user input enters via form submissions as defined in
references/schemas.md.\n - Boundary markers: No specific delimiters or boundary markers are used to wrap data interpolated into email templates.\n
- Capability inventory: The skill possesses network capabilities to send data via
assets/boilerplate/lib/email/resend.tsandassets/boilerplate/lib/sheets.ts.\n - Sanitization: Although structural validation is performed via Zod, the skill does not explicitly sanitize the content (e.g., HTML escaping) before it is embedded in HTML email templates in
references/resend-setup.md, which could lead to injection issues if the recipient or an automated process interprets the payload.
Audit Metadata