epf-expert
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary functionality involves executing a series of PowerShell scripts (
epf-init.ps1,epf-build.ps1,epf-dump.ps1,add-form.ps1) to automate 1C platform tasks. These scripts invoke the 1C Enterprise executable (1cv8.exe) using parameters such as file paths, database connection strings, and filenames that are passed as arguments from the agent environment. - [CREDENTIALS_UNSAFE]: Instructions in
SKILL.mdand the implementation inepf-build.ps1andepf-dump.ps1encourage passing 1C database authentication details (-UserNameand-Password) as clear-text command-line arguments. This method of handling credentials makes them susceptible to exposure in process logs, command history, and system monitoring tools. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as outlined below:
- Ingestion points: The agent is instructed to read project settings from
.v8-project.jsonand process XML source files within thesrcdirectory. - Boundary markers: There are no boundary markers or protective instructions used when reading these external files to prevent embedded text from being interpreted as agent instructions.
- Capability inventory: The skill utilizes file system modification capabilities (
Write,Edit) and shell execution (Bash) to manage 1C objects and run platform commands. - Sanitization: There is no evidence of sanitization, escaping, or validation performed on the data retrieved from configuration files or XML sources before it is used to construct shell commands or influence agent behavior.
Audit Metadata