subsystem-info
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes powershell.exe to execute a local script (scripts/subsystem-info.ps1) for parsing 1C configuration files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through manipulated XML configuration files. Ingestion points: The script scripts/subsystem-info.ps1 reads and parses user-provided XML files (subsystem definitions and command interfaces). Boundary markers: No markers or delimiters are used when outputting data extracted from XML tags (such as Name, Synonym, Comment, and Explanation) to the agent context. Capability inventory: The associated PowerShell script has the ability to read and write arbitrary files on the system if paths are provided via the -OutFile parameter. Sanitization: The script does not sanitize or filter the content retrieved from the XML files, allowing potentially malicious instructions embedded in metadata to reach the LLM.
Audit Metadata