Skills
skills/arman-kudaibergenov/1c-ai-development-kit/db-run/Gen Agent Trust Hub

db-run

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The PowerShell script scripts/db-run.ps1 accepts a -Password parameter and subsequently prints the entire command line, including the password in plain text, to the console via the Write-Host command. This exposes sensitive credentials in the agent's output and logs.
  • [COMMAND_EXECUTION]: The skill uses Start-Process to run the 1C:Enterprise executable with arguments constructed from user input and local configuration files. This dynamic command construction involves unvalidated paths and parameters.
  • [REMOTE_CODE_EXECUTION]: The -Execute parameter allows the skill to load and run external 1C processing files (.epf). This capability can be leveraged to execute arbitrary logic within the 1C environment if the file path is pointed to a malicious script.
  • [EXTERNAL_DOWNLOADS]: The skill's source code references an untrusted GitHub repository (github.com/Nikolay-Shirokov/cc-1c-skills) in its header, which is not associated with the stated author or any trusted vendor organizations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 4, 2026, 10:14 AM