interface-validate
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from untrusted XML files and echoes it back to the agent context within the validation report.
- Ingestion points: The script
scripts/interface-validate.ps1reads the target file usingGet-Contentand parses it as XML. - Boundary markers: The output report does not use clear delimiters or specialized instructions to prevent the agent from being influenced by data extracted from the XML elements (e.g., command names or metadata).
- Capability inventory: The skill can read local files and write data to arbitrary paths using the
-OutFileparameter, which could be exploited if the agent is tricked into providing a sensitive system path. - Sanitization: Attributes and inner text from the XML (such as command names and group references) are included directly in the report without any escaping or filtering, creating a potential path for an attacker to inject instructions into the agent's reasoning process.
Audit Metadata