Skills
skills/arman-kudaibergenov/1c-ai-development-kit/epf-init/Gen Agent Trust Hub

epf-init

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes powershell.exe to execute a local initialization script provided within the skill package. The execution pattern relies on the AI agent to correctly handle and escape user-supplied arguments to prevent potential command-line injection.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by processing untrusted user input into file paths and XML content.\n
  • Ingestion points: The arguments Name, Synonym, and SrcDir are accepted as input and used directly in the PowerShell script logic.\n
  • Boundary markers: There are no protective delimiters or instructions to ignore embedded commands provided in the inputs or metadata.\n
  • Capability inventory: The skill utilizes file system write permissions to create directories and files through standard PowerShell operations.\n
  • Sanitization: The script lacks validation logic to prevent path traversal characters (such as ..) in the Name or SrcDir variables, which could allow file creation outside of the intended source directory if the agent does not sanitize these inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 08:36 AM