validate
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted XML data from 1C project files and incorporates that data directly into validation reports returned to the agent. This creates an attack surface where malicious instructions embedded in project files (e.g., in metadata, names, or synonyms) could influence the agent's subsequent behavior when it interprets the validation results. Ingestion points: All PowerShell scripts in the scripts/ directory load XML files using [XmlDocument]::Load(). Boundary markers: None used in script output to separate external data from validation logic. Capability inventory: The scripts possess file read and write capabilities and are executed via shell. Sanitization: Content extracted from XML files is not sanitized or escaped before being returned to the agent.
- [COMMAND_EXECUTION]: The skill executes local PowerShell scripts based on paths and arguments that could be influenced by user input. While the scripts themselves are focused on validation, the implementation relies on shell execution (powershell.exe) and provides a parameter (-OutFile) that allows writing the validation results to the local file system. This represents a standard risk surface if the agent does not properly constrain the input paths and the write locations.
Audit Metadata