Skills
skills/arman-kudaibergenov/1c-ai-development-kit/template-remove/Gen Agent Trust Hub

template-remove

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill specifies a PowerShell command line in SKILL.md that interpolates user-provided parameters directly into a string. If the agent does not properly escape these parameters, an attacker could potentially execute arbitrary commands by breaking out of the double-quoted strings.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection if the object or template names are retrieved from untrusted sources, as these names are used in sensitive file operations.\n
  • Ingestion points: The <ObjectName> and <TemplateName> parameters are used directly to construct file system paths.\n
  • Boundary markers: None. The instructions do not define delimiters or warnings for the agent regarding the handling of these inputs.\n
  • Capability inventory: The skill can recursively delete directories (Remove-Item -Recurse -Force in scripts/remove-template.ps1) and overwrite existing XML files.\n
  • Sanitization: The script uses Join-Path but does not include checks to prevent path traversal sequences (e.g., ..), which could allow for the deletion of files outside the intended project scope.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 10:44 AM