epf-dump
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The PowerShell script
scripts/epf-dump.ps1accepts a-Passwordparameter for 1C:Enterprise authentication and explicitly logs the full command-line arguments, including the password in plain text, to the console usingWrite-Host "Running: 1cv8.exe $($arguments -join ' ')". This behavior results in sensitive credentials being recorded in the agent's output history and potentially in persistent log files. - [COMMAND_EXECUTION]: The skill determines the path to the 1C:Enterprise executable (
v8path) by reading from a.v8-project.jsonfile in the project root. Because this path is used directly inStart-Processwithout validation or sandboxing, an attacker could supply a malicious path to an arbitrary executable, leading to code execution when the skill is run. - [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface by ingesting values from an external, untrusted configuration file to influence its execution logic.
- Ingestion points: The
.v8-project.jsonfile located in the root directory. - Boundary markers: There are no boundary markers, delimiters, or instructions provided to the agent to ignore embedded commands or instructions within the JSON data.
- Capability inventory: The skill has capabilities to create and delete directories (
New-Item,Remove-Item) and execute external binaries viapowershell.exeandStart-Process(scripts/epf-dump.ps1). - Sanitization: There is no evidence of validation, escaping, or filtering of the values retrieved from the JSON configuration before they are interpolated into the PowerShell execution context.
Recommendations
- AI detected serious security threats
Audit Metadata