template-add

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: Risk of shell command injection in SKILL.md. The command string interpolates user input directly into a PowerShell call: powershell.exe ... -ObjectName "<ObjectName>". Malicious input containing characters like " and ; could execute arbitrary commands.
  • [PROMPT_INJECTION]: Vulnerability to indirect XML injection in scripts/add-template.ps1. User-provided strings for names and synonyms are inserted directly into XML templates without escaping. This allows an attacker to alter the XML structure of the 1C project files.
  • [PROMPT_INJECTION]: Indirect injection risk surface analysis:
      1. Ingestion points: User-provided arguments in SKILL.md and target XML files read from the local repository in scripts/add-template.ps1.
      2. Boundary markers: No delimiters or specific safety instructions are used to separate untrusted input from logic.
      3. Capability inventory: The skill has the ability to create directories, write new files, and modify existing XML configuration files in the source directory.
      4. Sanitization: The skill lacks sanitization, validation, or escaping mechanisms for external content before interpolation into shell commands or XML documents.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 4, 2026, 10:06 AM