Google Forms iOS

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Google Forms integration, but it asks users to trust a third-party app and API with Google Forms access, response exports, and an API key without clearly documenting scope or data handling.

Install only if you trust the Forms for Google Drive app and gformsfree.com with your Google Forms and response data. Review the Google OAuth consent screen and scopes before connecting, avoid highly sensitive respondent data unless you understand the provider's privacy and retention practices, and revoke access or regenerate GFORMS_API_KEY when you no longer need it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (7)

External Transmission

Medium

Category: Data Exfiltration
Content: ] }).encode() req = urllib.request.Request( 'https://api.gformsfree.com/skill/forms/create', data=data, method='POST' ) req.add_header('Authorization', f'Bearer {os.environ["GFORMS_API_KEY"]}')
Confidence: 91% confidence
Finding: https://api.gformsfree.com/

External Transmission

Medium

Category: Data Exfiltration
Content: import urllib.request, os, json data = json.dumps({"formId": "FORM_ID"}).encode() req = urllib.request.Request( 'https://api.gformsfree.com/skill/forms/export', data=data, method='POST' ) req.add_header('Authorization', f'Bearer {os.environ["GFORMS_API_KEY"]}')
Confidence: 92% confidence
Finding: https://api.gformsfree.com/

External Transmission

Medium

Category: Data Exfiltration
Content: ```bash python3 -c " import urllib.request, os, json req = urllib.request.Request('https://api.gformsfree.com/skill/forms/FORM_ID/summary') req.add_header('Authorization', f'Bearer {os.environ[\"GFORMS_API_KEY\"]}') print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2)) "
Confidence: 92% confidence
Finding: https://api.gformsfree.com/

External Transmission

Medium

Category: Data Exfiltration
Content: ```bash python3 -c " import urllib.request, os, json req = urllib.request.Request('https://api.gformsfree.com/skill/forms/list') req.add_header('Authorization', f'Bearer {os.environ[\"GFORMS_API_KEY\"]}') print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2)) "
Confidence: 89% confidence
Finding: https://api.gformsfree.com/

Env Variable Harvesting

High

Category: Data Exfiltration
Content: 'https://api.gformsfree.com/skill/forms/create', data=data, method='POST' ) req.add_header('Authorization', f'Bearer {os.environ["GFORMS_API_KEY"]}') req.add_header('Content-Type', 'application/json') print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2)) PYEOF
Confidence: 98% confidence
Finding: os.environ["GFORMS_API_KEY"]

Env Variable Harvesting

High

Category: Data Exfiltration
Content: 'https://api.gformsfree.com/skill/forms/export', data=data, method='POST' ) req.add_header('Authorization', f'Bearer {os.environ["GFORMS_API_KEY"]}') req.add_header('Content-Type', 'application/json') print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2)) PYEOF
Confidence: 98% confidence
Finding: os.environ["GFORMS_API_KEY"]

Env Variable Harvesting

High

Category: Data Exfiltration
Content: ```bash curl -sf -o /dev/null -w "%{http_code}" \ -H "Authorization: Bearer $(printenv GFORMS_API_KEY)" \ https://auth.gformsfree.com/skill/check ```
Confidence: 99% confidence
Finding: printenv GFORMS_API_KEY

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal