Form Handling

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only frontend form-handling skill with no executable code, credentials, or hidden data access observed.

This skill is reasonable to install if you want frontend form implementation guidance. Be aware that its trigger wording is somewhat broad, so it may activate on Chinese or form-related requests where a narrower project-specific skill could be more appropriate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The description uses expansive activation criteria such as 'building or reviewing substantial forms' plus a long list of broad technologies and scenarios, which can cause the skill to be invoked outside a narrowly intended scope. Over-broad routing increases the chance the agent applies this skill in inappropriate contexts, leading to unsafe or low-quality guidance being surfaced where more specialized review would be needed.

Natural-Language Policy Violations

Low

Confidence: 82% confidence
Finding: The description embeds Chinese trigger terms directly without stating that multilingual activation is optional or based on user language preference. This can cause unintended invocation for Chinese-language requests even when the user did not opt into this skill selection behavior, creating routing ambiguity and possible misapplication of the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal