Back to skill

Security audit

Form Builder Pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent form-building skill with dependency and untrusted-template cautions, but no evidence of hidden, destructive, persistent, or unrelated behavior.

Install only if you are comfortable managing Python dependencies yourself. For production use, pin reviewed versions of jsonschema, PyYAML, and Jinja2, and do not load form configs or render templates from untrusted sources unless you add validation and sandboxing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Unpinned Dependencies

Low
Category
Supply Chain
Content
jsonschema>=4.19.0
pyyaml>=6.0
jinja2>=3.1.0
Confidence
89% confidence
Finding
jsonschema>=4.19.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
jsonschema>=4.19.0
pyyaml>=6.0
jinja2>=3.1.0
Confidence
97% confidence
Finding
pyyaml>=6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
jsonschema>=4.19.0
pyyaml>=6.0
jinja2>=3.1.0
Confidence
95% confidence
Finding
jinja2>=3.1.0

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
96% confidence
Finding
pyyaml

Known Vulnerable Dependency: jinja2 — 10 advisory(ies): CVE-2019-10906 (Jinja2 sandbox escape via string formatting); CVE-2014-1402 (Incorrect Privilege Assignment in Jinja2); CVE-2025-27516 (Jinja2 vulnerable to sandbox breakout through attr filter selecting format metho) +7 more

High
Category
Supply Chain
Confidence
94% confidence
Finding
jinja2

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.