hwc-forms-validation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): Code examples in references/2023-11-07-turbo-frames-typeahead-search.md reference external JavaScript libraries from ga.jspm.io (Turbo, Stimulus, es-module-shims). Since this domain is not on the trusted source list, it is classified as a medium-risk external dependency.
  • PROMPT_INJECTION (LOW): The file references/2023-11-07-turbo-frames-typeahead-search.md contains an insecure implementation of search result highlighting. User input from the #query element is used to construct a RegExp and then assigned to innerHTML via string replacement. This pattern is vulnerable to Cross-Site Scripting (XSS) and Indirect Prompt Injection if the input contains malicious HTML or regex control characters.
    Mandatory Evidence Chain:
    1. Ingestion: #query search input.
    2. Boundary: None.
    3. Capability: innerHTML modification.
    4. Sanitization: Absent.
  • DATA_EXFILTRATION (LOW): Examples in references/2024-01-16-stimulus-action-parameters.md involve network operations (PATCH requests). While these appear intended for form submission, they represent a data ingestion surface that should be carefully monitored.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:05 PM