erf-init

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The instruction file SKILL.md provides a command template (powershell.exe -NoProfile -File ... -Name "<Name>") that interpolates user-supplied input directly into a shell execution. This creates a risk of command injection if the agent does not properly escape characters like quotes, semicolons, or backticks provided in the <Name>, <Synonym>, or <SrcDir> fields.
  • [COMMAND_EXECUTION]: The PowerShell script scripts/init.ps1 constructs file paths using the $Name and $SrcDir parameters without sufficient sanitization. This could allow for path traversal attacks, where a malicious name (e.g., "../../backdoor") results in files being written to unintended locations on the host system.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 26, 2026, 08:35 AM