epf-add-form
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local PowerShell script to perform file and directory operations within a 1C project structure.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection through its parameters.
- Ingestion points: Parameters such as ProcessorName, FormName, and Synonym are taken from user input and used in file paths and XML content.
- Boundary markers: No delimiters or instructions are used to prevent the agent from interpreting embedded instructions in the input strings.
- Capability inventory: The script performs file system writes and modifications to XML metadata files.
- Sanitization: There is no validation to prevent path traversal characters or malicious XML tags from being injected into the file system or project metadata.
Audit Metadata