Skills
skills/arman-kudaibergenov/1c-ai-development-kit/form-remove/Gen Agent Trust Hub

form-remove

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local PowerShell script (remove-form.ps1) to perform file system operations. Parameters provided by the user are passed directly to the script execution command.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection and path traversal due to the lack of input sanitization on file-system-bound parameters.
  • Ingestion points: The ObjectName, FormName, and SrcDir arguments in SKILL.md are taken from user input.
  • Boundary markers: None; there are no protective delimiters or warnings to the agent regarding the handling of these inputs.
  • Capability inventory: The script scripts/remove-form.ps1 has the capability to delete files and directories (Remove-Item) and modify existing XML files (XmlDocument.Save).
  • Sanitization: Absent; the script uses Join-Path but does not verify that the resulting path is restricted to the intended project directory, which could allow an attacker to target arbitrary system files if they can influence the parameters.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 10:31 AM