kirby-forms-and-frontend-actions

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it instructs the agent to handle and verify data originating from user-controlled frontend forms.
  • Ingestion points: User-submitted data from contact forms, file uploads, and registration flows as described in the Workflow (Step 8).
  • Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to the agent to disregard instructions that might be embedded within the form data it renders or processes.
  • Capability inventory: The agent has access to sensitive tools and information, including kirby:kirby_render_page, the ability to read system configuration via kirby://config/ (which may contain SMTP or API keys), and the ability to inspect/modify templates and controllers.
  • Sanitization: While the skill correctly advises the developer to implement CSRF checks, validation, and escaping in the PHP implementation (Step 6), there are no specific instructions for the agent to sanitize or safely interpolate this data when performing its own verification tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 07:48 AM
Security Audit — agent-trust-hub — kirby-forms-and-frontend-actions