help-add

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses powershell.exe to execute a local script (add-help.ps1) with parameters provided by the user.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its input parameters.
    • Ingestion points: The ObjectName, Lang, and SrcDir parameters in scripts/add-help.ps1 are used to construct file paths and file content.
    • Boundary markers: No explicit sanitization or validation of the input parameters is performed to ensure they do not contain directory traversal characters (e.g., ../) or malicious HTML/XML content.
    • Capability inventory: The script has the capability to create directories (New-Item), write new files (WriteAllText), and modify existing XML files on the local filesystem.
    • Sanitization: Input parameters are interpolated directly into HTML templates and path-joining functions without escaping or validation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 10:15 AM