role-info
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill's behavior is consistent with its stated purpose of parsing local XML files for role auditing. No malicious patterns, external downloads, or data exfiltration attempts were detected.
- [COMMAND_EXECUTION]: The skill utilizes PowerShell to execute a local script (
role-info.ps1). This is a standard and safe use of the command-line interface for structured data processing within the agent's environment. - [INDIRECT_PROMPT_INJECTION]: The skill processes content from user-provided XML files, which presents a surface for indirect prompt injection if those files contain malicious instructions.
- Ingestion points:
scripts/role-info.ps1reads data fromRights.xmland associated metadata XML files. - Boundary markers: The skill output does not currently utilize specific delimiters or warnings to isolate the parsed content from the agent's instruction context.
- Capability inventory: The skill has the capability to read files from the filesystem, write results to files, and execute PowerShell scripts.
- Sanitization: Content is extracted from XML nodes using standard .NET XML libraries without additional sanitization before being presented to the agent.
Audit Metadata