form-compile
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill is a local transformation tool for 1C developers.- [COMMAND_EXECUTION]: The skill executes a PowerShell script (
form-compile.ps1) to process the JSON input. It uses the-NoProfileflag, which is a security best practice to prevent the execution of arbitrary profile scripts.- [PROMPT_INJECTION]: The skill's input surface was analyzed for Indirect Prompt Injection risks as it processes external JSON data to generate XML. Ingestion point:scripts/form-compile.ps1via the$JsonPathargument. Boundary markers: Absent. Capability inventory: Local file read and write operations. Sanitization: The script uses anEsc-Xmlfunction to sanitize text content inside the XML tags, which prevents basic injection into the generated 1C form. Note: XML attribute values are not escaped, which is a minor hygiene concern for the generated file's integrity but does not threaten the host system.
Audit Metadata