skd-edit
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill reads and processes external 1C DCS XML files (Template.xml) specified by the user.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potentially malicious natural language instructions embedded within the XML data fields or comments.
- Capability inventory: The skill has permissions for file system operations (Read, Write, Glob) and command execution via Bash and PowerShell.
- Sanitization: The PowerShell script includes an Esc-Xml function to ensure XML structural integrity, but it does not perform sanitization of the content for prompt injection vectors.
- [COMMAND_EXECUTION]: Script Parameter Interpolation.
- The skill executes a local PowerShell script (skd-edit.ps1) using shell command lines.
- Parameters such as TemplatePath and Value are interpolated into the command string, creating a surface for potential argument injection if the calling agent does not rigorously sanitize or escape these inputs.
Audit Metadata