RenderForm

Security checks across malware telemetry and agentic risk

Overview

The skill appears domain-focused and clean; the only concerns are its disclosure and routing wording, which users should understand before invoking its generation actions.

Before installing, treat this as a RenderForm integration that may create rendered outputs or screenshots, not just read data. Confirm before using it for billable rendering, sensitive pages, or screenshots containing private information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The manifest says the skill is for 'searching and reading data,' but the documented actions include state-changing generation operations such as `render_image` and `take_screenshot`. This mismatch can cause an agent or user to treat the skill as read-only and invoke it in contexts where mutating or billable operations should require stricter confirmation.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger text says to use this skill for ANY RenderForm request, which is overly broad and encourages automatic invocation without evaluating whether the action is necessary, safe, or least-privileged. In an agent setting, such catch-all routing increases the chance of unintended execution of billable or state-changing operations through this skill.

VirusTotal

64/64 vendors flagged this skill as clean.
