Web Auto Form

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser form automation skill, with expected risks around submitting forms, uploading files, and extracting page data.

Install only if you want an agent to automate browser form workflows. Review each generated run configuration before execution, especially steps that submit forms, create accounts, log in, upload local files, extract page content, disable sandboxing, or enable debug artifacts, because screenshots, HTML snapshots, traces, and inline diagnostics may contain sensitive data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The tool description uses very broad trigger language such as 'web form automation', 'data entry', 'sign-up', and 'any multi-step browser interaction task', which can cause an agent to invoke the skill in situations where browser automation is unnecessary or risky. Because this skill can navigate to arbitrary URLs, fill forms, upload files, and extract page data, over-triggering increases the chance of unintended actions, privacy exposure, or execution on attacker-controlled sites.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal