epf-validate

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The command template in SKILL.md (powershell.exe ... -ObjectPath "<путь>") is vulnerable to shell command injection. If the ObjectPath contains unescaped double quotes and shell control characters (e.g., & or |), an attacker could execute arbitrary commands on the host system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It extracts metadata from XML files and prints it directly to the console, which could be used to manipulate the agent's behavior.
      • Ingestion points: The script scripts/epf-validate.ps1 reads and parses XML files using System.Xml.XmlDocument based on the provided ObjectPath.
      • Boundary markers: None. The output does not use delimiters to separate tool-generated text from untrusted content retrieved from the file.
      • Capability inventory: The skill can read files from the filesystem, write to arbitrary paths via the -OutFile parameter, and display results to the agent.
      • Sanitization: No sanitization or escaping is performed on XML node values before they are included in the console output.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 08:36 AM