form-add
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a PowerShell script (scripts/form-add.ps1) to perform file system operations and XML manipulations. This is the primary mechanism of the skill.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through schema confusion.
  - Ingestion points: The script scripts/form-add.ps1 processes user-supplied parameters FormName and Synonym via command-line arguments.
  - Boundary markers: The script does not use specific markers or delimiters to isolate untrusted data within the XML structure.
  - Capability inventory: The script possesses the capability to write and modify files in the 1C project directory using [System.IO.File]::WriteAllText and [System.Xml.XmlDocument]::Save.
  - Sanitization: The script lacks escaping for XML special characters when interpolating variables into the metadata templates (using PowerShell here-strings), which could allow a malicious user or data source to inject unexpected XML elements into the configuration files.
Audit Metadata