lovstudio-fill-web-form

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to read sensitive local files, including profiles, bios, project descriptions, and user memory (MEMORY.md), to populate form fields. This data access is central to the skill's primary purpose. The synthesized content is written to a local markdown file and presented to the user for review rather than being sent back to the external URL.
  • [PROMPT_INJECTION]: The skill handles untrusted data from external URLs through the WebFetch tool, creating a surface for indirect prompt injection attacks.
  • Ingestion points: WebFetch is used in SKILL.md to retrieve content from arbitrary user-provided URLs.
  • Boundary markers: The prompt instructions for WebFetch do not include explicit delimiters or instructions to ignore embedded commands within the fetched HTML.
  • Capability inventory: The skill possesses extensive local file system access (Read, Grep, Glob, Agent: Explore) and the ability to write files and perform further network requests via WebFetch.
  • Sanitization: There is no evidence of sanitization or filtering of the external content before it is processed by the agent to extract form fields.
  • [EXTERNAL_DOWNLOADS]: The README documentation recommends installation using npx lovstudio skills, which involves downloading and executing the vendor's own command-line utility. This represents standard deployment for the toolset and is not considered a malicious finding.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 09:43 AM
Security Audit — agent-trust-hub — lovstudio-fill-web-form