Skills
skills/arman-kudaibergenov/1c-ai-development-kit/epf-build/Gen Agent Trust Hub

epf-build

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script 'scripts/epf-build.ps1' executes the 1C platform binary ('1cv8.exe') using 'Start-Process'. The execution environment and arguments are derived from external configuration files like '.v8-project.json'.
  • [CREDENTIALS_UNSAFE]: Database passwords are accepted as parameters and passed to the 1C executable as plaintext command-line arguments using the '/P' flag. This makes sensitive credentials visible to other users and system monitoring tools.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Reads '.v8-project.json' and XML source files. 2. Boundary markers: Absent; no delimiters are used to isolate untrusted data. 3. Capability inventory: Executes local binaries via 'Start-Process' and performs file system operations. 4. Sanitization: None; the skill trusts the content of the configuration and source files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 26, 2026, 08:35 AM