Back to skill

Security audit

Form Auto

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser form-filling helper, but users should review filled personal data carefully before submitting any form.

Install only if you are comfortable letting the skill operate in your logged-in browser on forms you choose. Review every filled field before submitting, avoid payment or highly sensitive forms, and be cautious with saved templates until storage and deletion behavior are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are broad everyday phrases such as 'help me fill out this form,' making accidental invocation likely. In a skill with browser access and access to browser session state, overbroad activation can cause unintended handling of personal data or actions on live websites without sufficiently specific user intent.

Ssd 3

Medium
Confidence
95% confidence
Finding
Reusing saved personal profile data from previous sessions creates a privacy and consent risk, especially because the skill also uses existing browser login state. If invoked on the wrong site or for the wrong form, it could disclose sensitive personal information from prior sessions without fresh, context-specific user authorization.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.