formbuilder-admin
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill provides specific JavaScript snippets in references/event-sessions.md and references/gotchas.md for the agent to execute via browser automation. These scripts are intended to programmatically set datetime-local values and dispatch change events to bypass UI limitations during form interaction.
- [Indirect Prompt Injection] (LOW): The routing trigger system described in references/workflow-lifecycle.md evaluates untrusted data from form responses.
  1. Ingestion points: User-provided 'Answer Values' and 'Text Merge Fields' (referenced in references/workflow-lifecycle.md).
  2. Boundary markers: No markers or explicit instructions to disregard embedded instructions are present.
  3. Capability inventory: 'Fire Webhook', 'Send Email', and 'Set Question Value' (referenced in references/workflow-lifecycle.md).
  4. Sanitization: The documentation does not specify any sanitization or validation of the input data before it influences these automated actions.
Audit Metadata