Skills
skills/arman-kudaibergenov/1c-ai-development-kit/mxl-validate/Gen Agent Trust Hub

mxl-validate

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses powershell.exe to run a local validation script (mxl-validate.ps1). The execution is limited to structural validation logic and reporting results to the console.- [PROMPT_INJECTION]: The skill processes untrusted external data, creating a surface for indirect prompt injection (Category 8).
  • Ingestion points: The script loads and parses external Template.xml files using the System.Xml.XmlDocument class.
  • Boundary markers: No specific delimiters or instructions are provided to the agent to ignore embedded instructions within the XML files.
  • Capability inventory: The script has read-only access to the file system for validation purposes and does not possess network or write capabilities.
  • Sanitization: The XML parser is used with default settings; it does not explicitly disable DTD processing or external entity resolution, which could theoretically be abused if the XML parser environment is not hardened against XXE.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 08:35 AM