lovstudio-fill-web-form
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to read sensitive local files, including profiles, bios, project descriptions, and user memory (
MEMORY.md), to populate form fields. This data access is central to the skill's primary purpose. The synthesized content is written to a local markdown file and presented to the user for review rather than being sent back to the external URL. - [PROMPT_INJECTION]: The skill handles untrusted data from external URLs through the
WebFetchtool, creating a surface for indirect prompt injection attacks. - Ingestion points:
WebFetchis used inSKILL.mdto retrieve content from arbitrary user-provided URLs. - Boundary markers: The prompt instructions for
WebFetchdo not include explicit delimiters or instructions to ignore embedded commands within the fetched HTML. - Capability inventory: The skill possesses extensive local file system access (
Read,Grep,Glob,Agent: Explore) and the ability to write files and perform further network requests viaWebFetch. - Sanitization: There is no evidence of sanitization or filtering of the external content before it is processed by the agent to extract form fields.
- [EXTERNAL_DOWNLOADS]: The README documentation recommends installation using
npx lovstudio skills, which involves downloading and executing the vendor's own command-line utility. This represents standard deployment for the toolset and is not considered a malicious finding.
Audit Metadata